New China Laws | UK Ministry of Defence Attack | 4 Threats to Prepare For in 2022 | Top 5 Data Security Predictions for 2022
Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group
New China Laws
To kick off our first news update of the year, let's head over to China. China, who is looking to gain greater oversight of its tech sector, has said that it will introduce new rules that will require internet companies holding the data of more than one million users to undergo a network security review before listing overseas.
The Cyberspace Administration of China (CAC) have said that the main purpose of this rule is to further protect network and data security, and to maintain Chinese national security. This will be implemented from February 15th. If the regulator finds that a company’s data processing activities do not endanger national security, then an overseas listing can proceed.
In addition to this but in a separate statement, the CAC also announced new rules around the use of algorithm recommendation technology that will be implemented from March 1st. These new rules include a requirement that companies give users the right to switch off the service and increases oversight of news organisations that use the technology to share information.
Source - New China Laws - CNBC
Source - New China Laws - IT Pro
UK Ministry of Defence Attack
Next, we come back to the UK. It has been revealed that a cyberattack was discovered in March last year that attacked the UK Ministry of Defence training academy. A retired military officer, Air Marshal Edward Stringer who was in charge at the time disclosed the attack said that it had a “significant impact” on the organisation.
Unusual activity was detected by IT outsourcer Serco, but it was believed that this was due to a kind of IT error rather than malicious activity. The target was the Defence Academy of the United Kingdom – an organisation responsible for teaching and training thousands of military personnel, MoD employees, wider government figures, and oversees students. The courses on offer include topics such as security, strategy, languages, and information warfare.
Currently, full attribution is not available for who was responsible. However, the publication reports that China or Russia was “possibly” involved, with Iran and North Korea also being suggested as potential sources of the attack.
This attack is significant as the academy could have been used as a backdoor to target the wider Ministry of Defence. This would have severe ramifications and could have potential consequences on national security. Despite these concerns, it doesn’t appear that there have been any further breaches beyond the Defence Academy.
The National Cyber Security Centre is aware of the cyberattack and an investigation has been launched.
Source - MOD Attack - ZD Net
Source - MOD Attack - The Guardian
Source - MOD Attack - Sky News
4 Threats to Prepare For in 2022
Staying with the theme of attacks and threats, Security Magazine has published an article about four threats to prepare for this year.
- Continued commodification of software supply chain attacks could result in more high-profile targets
- Ransomware gangs could put lives at risk and engage in “pile-ons”
- Weaponization of firmware attacks will lower the bar for entry
- Hybrid work will create more opportunities to attack users
As always, for full context on each of the four points please visit the source of the article below on Security Magazine's website.
Top 5 Data Security Predictions for 2022
Finally, we’ll stick with the theme of predictions for the year ahead but turn our attention to data security. Forbes have published an article discussing the top five data security predictions for the year. This article includes discussions and predictions from Splunk Global Security Advisor Mick Baccio, and Splunk CISO Pamela Fusco. The predictions are:
- Ransomware will increase as cybercriminals professionalise – and leverage the supply chain.
- A major public cloud service provider could be the next big breach.
- The sharing of threat intelligence will increase – first via security vendors, later through government programs (maybe).
- DevSecOps principles will be adopted faster than DevSecOps as a formal practice.
- Basic security diligence is your new perimeter.
As before, full context of each point can be viewed on the full source article on the Forbes website listed below. You can also review the full Splunk Data Security Predictions for 2022 report by visiting the Splunk website, or by clicking on the source below.
Source - Data Security Predictions - Forbes