Cyber security: A month in retrospect (Australia) – March 2024

It has been an interesting month in the cyber world. We know it has been incredibly busy, but a limited number of incidents are breaking the “media-surface”. We continue to monitor the fallout from the BlackCat / LockBit takedowns, we take a keen interest in international developments, and we proudly launch our latest “Cross Examining …

How open is open source? Averted cyber attack indicates watershed moment in open source supply chain security and poses important questions on software liability

Malicious code in open source software XZ Utils revealed a years-long compromise effort to gain remote administrator access to Linux systems. The cyber operation could have resulted in an unprecedented open source supply chain attack and was averted through the accidental discovery by a software engineer. The incident sheds light on the culture of trust …

Cyber security: A month in retrospect (Australia) – February 2024

This past month has been an interesting one for cyber security enthusiasts (like us!) – a mixture of cyber activity, policy setting and mini breakthroughs. Again, we’ve collated the top stories from the month of February, so you don’t have to: Late in the month, the AICD published a governance framework to guide Boards through …

Cyber Monthly Wrap-up (UK, EMEA and the US) – November 2023

Welcome to HSF's November wrap up; our top picks for cyber-related news in the UK, EMEA and US. Our short summary and commentary is aimed at giving you the awareness and insights you need, with minimum time investment. Below you will find:
  • Developments in regulatory requirements and guidance;
  • Wider cyber industry news; and
  • Particularly noteworthy (reported) cyber incidents.

Cyber risk in Critical National Infrastructure features prominently in UK 2023 National Risk Register

In August 2023, the UK Government published its 2023 National Risk Register ("the Risk Register"), listing the 89 main publicly-acknowledged risks facing the UK. Cyber-attacks on gas infrastructure, electricity infrastructure, civil nuclear, fuel supply infrastructure, the health and social care system, the transport sector, telecommunications systems and one or more UK retail banks are cited as key risks in the report.

High profile cyberattacks increase emphasis upon cyber resilience in South Africa’s energy sector

On Thursday 25 July 2019, the City of Johannesburg's electricity service provider, City Power, suffered a ransomware attack which encrypted its databases, applications and network. The attack disabled the utility's website and prevented its customers from purchasing electricity from the utility, which potentially impacted up to a quarter of a million customers. In addition, City Power was delayed in responding to localised blackouts, leaving several suburbs in the dark, as City Power's systems were unable to efficiently detect faults in the entity's distribution system.

US SEC moves against individual directors over SolarWinds nation state supply chain attack

The US Securities and Exchange Commission (SEC)'s issue of a Wells Notice to SolarWinds Corporation's former and current executives this summer is a sharp reminder that there can be serious consequences for individuals following cyber security incidents. There is a global trend towards holding senior people within companies personally responsible for cyber security. Individuals can be sanctioned by regulators, find themselves facing action for breach of their fiduciary duties to their companies, and even become the target of litigation, including in class actions by investors that name officers or directors as defendants in their individual capacity.

German Minister of Interior considers amendment of Constitution to defend against cyber attacks

In Germany, the Federal Minister of the Interior, Nancy Faeser, considered two amendments to the Constitution as part of an ambitious plan to strengthen cybersecurity across the nation. This followed from calls to strengthen cyber resilience for federal authorities and critical infrastructure, and to modernise and expand cybersecurity architecture in Germany. Ms. Faeser noted that cybersecurity threats remained high. German authorities and businesses have been the target of cyberattacks since Russia's war in Ukraine. Disinformation, sabotage and espionage were also identified as critical issues.