ETSI White Paper and webinar map the way forward with IPv6

Sophia Antipolis, 21 September

An ETSI webinar has examined the global status of IPv6 (Internet Protocol version 6) with discussions on deployment, industrial applications, transition solutions and progress on standardization.

Read More...

ETSI Fifth Generation Fixed Network White Paper paves the way for Fibre to Everywhere and Everything

Sophia Antipolis, 30 September 2020

The ETSI ISG F5G (Fifth Generation Fixed Network) has released a White Paper that sets the scene for the evolution of on-premise, fixed access, and aggregation networks. In this White Paper, ETSI presents the vision, value, use cases, features, and technologies of F5G, aiming to foster a global effort to realize its full potential.

Read More...

ETSI announces MEC Sandbox for edge app developers

Sophia Antipolis, 6 January 2021

ETSI announces the launch of ETSI MEC Sandbox, available at https://try-mec.etsi.org/. The Sandbox is designed to allow application developers to experience and interact with an implementation of ETSI MEC APIs and test out their applications.  

Read More...

ETSI NFV and MEC API 2021 testing event Report now available

Sophia Antipolis, 16 April 2021

The ETSI NFV&MEC API Plugtests™ 2021 event, which ran remotely during the whole month of February, allowed participants to self-evaluate the conformance of their API server implementations with network function virtualization and multi-access edge computing API specifications. The event allowed also to validate and gather feedback on ETSI NFV and MEC API and Conformance Testing Specifications, and associated Robot test suites. The full Report, including results, findings and lessons learnt is now available HERE.

Read More...

ETSI releases a white paper on future ICT technology trends

Sophia Antipolis, 10 May 2021

“Information and Communications Technology (ICT) is an exciting and dynamic area, that is in constant innovation, through the evolution of existing concepts and technologies but also through the emergence of disruptive technologies and even sometimes unexpected new use cases”.

Read More...

ETSI releases a White Paper on MEC security, first initiative in this domain

Sophia Antipolis, 3 June 2021

ETSI publishes today a White Paper titled MEC security: Status of standards support and future evolutions written by several authors participating in MEC and other related ETSI groups. This White Paper, the very first initiative in this domain, aims to identify aspects of security where the nature of edge computing leaves typical industry approaches to cloud security insufficient. 

Read More...

ETSI releases IoT testing specifications for MQTT, CoAP and industrial automation and control systems

Sophia Antipolis, 25 June 2021

The ETSI committee on Methods for Testing and Specifications (TC MTS) has recently completed a first set of seven standards addressing the testing of the IoT MQTT and CoAP protocols, and the foundational security IoT-Profile.

Read More...

ETSI launches new White Paper titled Fibre Development Index: Driving Towards an F5G Gigabit Society

Sophia Antipolis, 19 August 2021

Fibre and fibre-based optical networks are the key technical enablers of our society's twin transitions (green and digital), providing sustainable and cost-effective communication with high bandwidth, stability, reliability, and improved latency. In addition, the fibre evolution enables sustainable economic growth through advanced services and applications for users, businesses, and industries.

The new ETSI White Paper explains the methodology used to define a fibre development index, provides migration path recommendations to countries with different fibre development, and highlights the importance of setting policies to underpin that twin (green and digital) transformation.

Read More...

ETSI launches first specification for the 5th Generation Fixed Network, F5G technology landscape

Sophia Antipolis, 23 September 2021

ETSI's 5^th Generation Fixed Network group (F5G ISG) has just released its first specification, ETSI GS F5G 003, entitled F5G Technology Landscape. In this specification, the ISG studies the technical requirements, existing standards and gaps for 10 different new use cases, for home, enterprises or industrial needs.

ETSI GS F5G 003 use cases include PON (passive optical network) on-premises and passive optical LAN. In this case, a PON system could connect end devices (like HDTV, HD surveillance cameras and VR/AR helmets) and provide higher data rate, better coordination and controlled latency than current Ethernet and Wi-Fi mesh.

Read More...

ETSI releases two Technical Reports to support US NIST standards for post-quantum cryptography

Sophia Antipolis, 6 October 2021

In 2016 the US National Institute of Standards and Technology (NIST) announced their intention to develop new standards for post-quantum cryptography. They subsequently initiated a competition-like standardization process with a call for proposals for quantum-safe digital signatures, public-key encryption schemes, and key encapsulation mechanisms. NIST have stated that they intend to select quantum-safe schemes for standardization at the end of the current, third round of evaluation.

Read More...

World’s first non-cellular 5G technology, ETSI DECT-2020, gets ITU-R approval, setting example of new era connectivity

Sophia Antipolis, 19 October 2021

ETSI DECT-2020 NR, the world’s first non-cellular 5G technology standard, has been recognized by the WP5D of the International Telecommunication Union’s Radiocommunication Sector (ITU-R) and included as part of the 5G standards in IMT-2020 technology recommendation. Dr. Günter Kleindl, Chair of the ETSI Technical Committee DECT, says: “With our traditional DECT standard we already received IMT-2000 approval by ITU-R twenty-one years ago, but the requirements for 5G were so much higher, that we had to develop a completely new, but compatible, radio standard.” Released last year, the standard sets an example of future connectivity: the infrastructure-less and autonomous, decentralized technology is designed for massive IoT networks for enterprises. It has no single points of failure and is accessible to anyone, costing only a fraction of the cellular networks both in dollars and in carbon footprint.

Read More...

ETSI Announces Second Release on Self-Adapting Autonomous Networks

Sophia Antipolis, 13 January 2022

Following on from meetings conducted in late 2021, ETSI has now completed Release 2 of its Experiential Networked Intelligence (ENI) specifications with the system architecture ETSI GS ENI 005. 

ETSI GS ENI 005 and associated documents will provide better insight into network operations - allowing more effective closed-loop decision making plus better lifecycle management. Through its use, operators will be able to leverage acquired data and apply artificial Intelligence (AI) algorithms to it. This will mean that they can respond much quicker to changing situations and gain far greater agility. The services being delivered across their networks may thereby be rapidly adapted and the resources they have available correctly assigned in accordance with subscribers’ requirements, or any other alterations in circumstances (either operationally or commercially driven).

Read More...

ETSI publishes a white paper introducing Permissioned Distributed Ledger (PDL)

Sophia Antipolis, 24 January 2022

After the release of the first specification on smart contracts on 18 January, members from the ETSI PDL group published a White Paper entitled “An Introduction of Permissioned Distributed Ledger (PDL)”.

Distributed ledgers have consolidated as one of the most disruptive applications of information technology that have appeared in recent years. Their ability to store any kind of data as a consensus of replicated, shared, and synchronized digital records distributed across multiple sites, without depending on any central administrator, together with their properties regarding immutability (and therefore non-repudiation) and multi-party verifiability opens a wide range of applications.

Read More...

New ETSI White Paper and MEC Hackathon: another step to engage with app developers and verticals

Sophia Antipolis, 16 June 2022

The ETSI MEC (Multi-access Edge Computing) group is pleased to announce a new White Paper which aims to describe the deployment options related to MEC federation, especially from an architectural point of view. With a key focus on ETSI MEC implementations, it also aims to provide an open approach taking into account other standards and technologies, including those from 3GPP SA Working Group 6 and GSMA OPG. For this purpose, the White Paper first analyses the recent publications of GSMA OPG and recent updates in ETSI MEC and 3GPP specifications, then introduces the synergized architecture supported by both standards organizations, which indicates the background information for the deployment of MEC federation harmonized standards for edge computing.

Read More...

ETSI Encrypted Traffic Integration group extends term to work on cryptographic and key management models

Sophia Antipolis, 2 August 2022

ETSI has recently extended the term of its Industry Specification Group Encrypted Traffic Integration (ISG ETI) for a two-year period through to mid-2024 to work on specific cryptographic and key management models.

Read More...

ETSI publishes a new white paper on Fixed 5^th generation advanced

Sophia Antipolis, 22 September 2022

Members from the ETSI Fixed 5^th generation (F5G) group have just published a new white paper “F5G advanced and beyond”. This white paper describes the drivers, dimensions, and technologies of the F5G advanced and beyond.

Nine key applications or industry trends are identified as key drivers for F5G Advanced. These can be grouped into two categories: those that are oriented towards services and applications, and those that are directed towards network transformation. Ultra-high-definition immersive experience services could put many new requirements on the network. Enterprises will continue their digitization and cloudification, and this is a huge opportunity for fixed networks.

Read More...

ETSI publishes a new White Paper on Multi-access Edge Computing security

Sophia Antipolis, 28 September 2022

Members from the ETSI Multi-Access Edge Computing group (ISG MEC) have just published a new white paper, “MEC security; Status of standards support and future evolutions".

Read More...

New ETSI specification allows single UICC to support the use of multiple applications simultaneously

Sophia Antipolis, 26 October 2022

New specifications released by ETSI will enable multiple subscriptions and identities to exist in the same smartphone handset without needing several SIM cards to be within the device.

The mobile telecom industry has been facing an increasing demand for applications running on mobile devices like banking, payments, transport and identity for some time. These new specifications address this demand by adding the possibility to host and address several "virtual secure elements" into the same UICC. This allows multiple virtual secure elements to coexist logically separated, whilst having the ability to be addressed independently through the same physical interface.

Read More...

ETSI’s Activities in Artificial Intelligence: Read our New White Paper

Sophia Antipolis, 21 December 2022

ETSI has a long history of developing standards in the field of artificial intelligence (AI) and systems that use and support AI. Today ETSI is pleased to release a new White Paper developed by a variety of members and experts. They include companies from telecom and network communication sectors, from large and small and medium enterprises, based either in Europe, Asia or America.

This White Paper entitled ETSI Activities in the field of Artificial Intelligence supports all stakeholders and summarizes ongoing effort in ETSI and planned future activities. It also includes an analysis on how ETSI deliverables may support current policy initiatives in the field of artificial intelligence.  A section of the document outlines ETSI activities of relevance to address Societal Challenges in AI while another addresses the involvement of the European Research Community.

Read More...

Sophia Antipolis, 9 January 2023

The ETSI group on Experiential Networked Intelligence (ISG ENI) has just published a White Paper describing the design of a novel cognitive network. This White Paper explains how the ETSI ENI novel system architecture (based on ETSI GS ENI-005) intelligently manages, predicts, adjusts and optimises network behaviour using cognition management, thereby enhancing the operator experience.

Read More...

New Extension for Disabled People to the ETSI Mobile Emergency App Framework

Sophia Antipolis, 16 January 2023

The ETSI emergency communications technical committee has just released a specification for a Pan-European Mobile Emergency Application framework (PEMEA) Real-Time Text Extension. Real-Time Text (RTT) communications are used extensively by people with hearing and speech disabilities around the world. These systems convey letters as they are typed from the source to the destination.

Read More...

Sophia Antipolis, France/Brussels, Belgium 24 January 2023

The 6G-IA brings together a global industry community of telecoms and digital actors such as operators, manufacturers, research institutes, universities, verticals, SMEs and ICT associations. The association carries out a wide range of activities in strategic areas including standardization, frequency spectrum, R&D projects, technology skills, collaboration with key vertical industry sectors, notably the development of trials, and international cooperation.

Read More...

Sophia Antipolis, 2 February 2023

ETSI, the organization for globally applicable standards for information and communication technology (ICT), has adopted a new instrument, Software Development Groups (SDGs). This game-changing move will help ETSI adapt to the ever-evolving landscape of technology and standards development. Developing software to accompany standards will accelerate the standardization process, providing faster feedback loops and improving the quality of standards.

Read More...

Sophia Antipolis, 8 February 2023

On 7 February, the European Standards Organizations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organise their 7th annual conference. The hybrid conference took place at the Brussels Renaissance Hotel and focused on “European Standardization in support of the EU cybersecurity legislation”.

Read More...

Sophia Antipolis, 16 February 2023

The 9th face-to-face ETSI-IQC Quantum-Safe Cryptography event this week attracted a large audience of nearly 200 people from Europe, North America and Asia, bringing together industry, academia and government. The event was kicked off by ETSI Director-General Luis Jorge Romero, who gave an overview of the quantum-safe standardization journey since the first workshop in 2013 and reiterated ETSI’s continued support for this important global effort.

Read More...

Sophia Antipolis, 23 March 2023

Autonomous Networks (AN) are considered one of the most important evolutions to enable Digital Transformation, offering new service opportunities and significant cost saving in network operation. It is one of the most attractive environments where to leverage Artificial Intelligence in the Network and activities around Autonomous Networks have gained momentum in Standards and ICT Industry.

Read More...

Sophia Antipolis, 14 April 2023

Today we expect to be able to communicate anywhere, with everyone, at anytime, on every device and at the same time use various services that will help us save time in our daily life.

Read More...

Sophia Antipolis, 30 May 2023

ETSI is pleased to publish its new White Paper on “Evolving NFV towards the next decade” written by delegates of the ETSI Industry Specification Group on Network Function Virtualization (ISG NFV).

Read More...

Sophia Antipolis, 6 June 2023

In a joint effort to promote spectrum sharing approaches for specific use cases, ETSI and The Wireless Innovation Forum (WinnForum) have developed a joint whitepaper: Spectrum Sharing Frameworks for Temporary, Dynamic, and Flexible Spectrum Access for Local Private Networks.

Read More...

Sophia Antipolis, 22 June 2023

ETSI has just released a new White Paper on “MEC Support for Edge Native Design” written by members of the ETSI Multi-access Edge Computing group (ISG MEC). This White Paper provides an overview and vision about the Edge Native approach, as a natural evolution of Cloud Native. 

Read More...

Sophia Antipolis, 27 September 2023

The Telecom Infra Project (TIP) Open Optical & Packet Transport (OOPT) group is making significant strides in advancing network management and interoperability.

Read More...

Sophia Antipolis, 9 November 2023

ETSI is delighted to announce the establishment of a new Software Development Group, called OpenCAPIF. OpenCAPIF is developing an open-source Common API Framework, as defined by 3GPP, allowing for secure and consistent exposure and use of APIs.

Read More...

Sophia Antipolis, 30 November 2023

ETSI is pleased to announce a new White Paper developed by some of the members of its F5G Industry Specification Group, entitled “All-optical network facilitates the Carbon Shift”, highlighting the role of fibre networks as a key ICT enabler to meet the UN sustainability goals.

Read More...

Sophia Antipolis, 24 May 2024

Speakers at the 10th ETSI/IQC Quantum Safe Cryptography Conference have called on organizations to prepare their cybersecurity infrastructures to address the challenges of a post-quantum world.

Organized by ETSI and the Institute for Quantum Computing, this year’s conference was hosted from 14-16 May by the Centre for Quantum Technologies (CQT), National University of Singapore (NUS), in partnership with the Infocomm Media Development Authority (IMDA) and the Cyber Security Agency (CSA) of Singapore. The event attracted an impressive 235 onsite delegates from 27 countries, reflecting fast-growing interest worldwide in the critical importance of quantum-safe cryptography in today’s cybersecurity strategies.

Read More...

Sophia Antipolis, 9 July 2024

ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs.

OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G.

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

This document is only available in PDF format.

The Minister of Finance has approved amendments to Ontario Securities Commission (OSC) Rule 91-507 Trade Repositories and Derivatives Data Reporting and consequential amendments to OSC Rule 13-502 Fees (collectively, the Amendments) pursuant to

Job Summary  The International Food Policy Research Institute (IFPRI) seeks a highly motivated Graphic Designer II to join our Communications and Public Affairs team. This position is a one-year, renewable appointment, based in its New Delhi office, India and report to the Manager for Creative Solutions, who is based in Washington, DC. The Graphic Designer will produce high-quality and professional visual communication products to promote IFPRI's research to a diverse range of target audiences and through multiple channels. The successful candidate will be an enthusiastic, creative, and team-oriented individual with experience designing and delivering compelling visual communication outputs in a dynamic environment.  Interested candidates should submit a resume, cover letter, and a portfolio demonstrating their graphic design work. The portfolio should include a variety of projects showcasing skills in typography, layout, creativity, and use of design software (Adobe InDesign, Illustrator, Photoshop, and Canva) and include. links to digital portfolios or PDF attachments. Applications without a portfolio will not be considered. Interested applicants must have work authorization to work in India. Essential Duties:  Specific duties and responsibilities include but are not limited to: Design both print and digital visual communication products: Develop multiple design concepts and carry them through to final delivery, including but not limited to conference banners, brochures, data visualizations, flyers, posters, presentations, research reports, and websites. Layout print publications: Design and layout policy papers and reports while assisting in the creation of flexible InDesign templates. Create engaging digital content: Design visual content for the IFPRI website, interactive applications, social media, and email campaigns. Apply design principles: Utilize knowledge of layout, color theory, typography, and iconography to execute a wide variety of graphic design projects for both print and digital media. Provide branding guidance: Insure IFPRI products adhere to a consistent visual style and uphold professional standards, providing branding guidance to staff as needed. Brand design: Develop and execute creative concepts for branding, including logos, typography, color palettes, and overall visual identity. Innovate in interactive design: Lead initiatives on using innovative methods of interactive design to communicate research findings to both new and established audiences. Web Design: Develop visual design for IFPRI’s main website and microsites, ensure adherence to style guidelines. Coordinate printing: Manage the printing process of IFPRI publications and materials with local and international vendors. Collaborate effectively: Work collaboratively across the institution to ensure the timely delivery of high-quality design deliverables. Monitor and educate on digital trends: Stay updated on current digital trends, technologies, and industry standards, and educate both the team and IFPRI staff on best practices. Required Qualifications:  Bachelor's Degree in Art Design, Fine arts, Communications, Marketing or related field plus five years of relevant professional experience or Master’s plus three years in related field. Experience in graphic design, producing high-quality artwork, illustrations, and other graphics for communication purposes, including websites. Proven graphic design experience with a strong portfolio demonstrating excellent typography, layout, and creativity. Extensive experience with Adobe InDesign, Illustrator, and Photoshop. Basic knowledge/understanding of DTP software like Corel Draw.  Proficiency in using Canva for creating and managing visual content. In-depth knowledge and understanding of social media and web platforms, with demonstrated experience generating engaging content. Familiarity with designing within PowerPoint and MS Word. Ability to work quickly to meet tight deadlines and handle multiple projects simultaneously. Outstanding organizational and planning skills, with exceptional attention to detail. Strong interpersonal and collaboration skills; proven ability to be flexible in a team-oriented environment with diverse groups of people. Physical Demand & Work environment: Employee will sit in an upright position for a long period of time.  Employee will lift between 0-10 pounds.  Employee is required to have close visual acuity to perform activities such as: data preparation, web-scraping, preparing, and analyzing data and figure s; dashboard; viewing computer terminal; extensive coding.  

Here is a Storify round up of the SpotOn London session: Enhanced eBooks & BookApps: The

Here is a Storify summary of the SpotOn London session: BrainSpace, a global interest graph for

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

• Creating a comprehensive inventory of AI systems
• Conducting gap analyses to spot discrepancies between approved and actual AI usage
• Implementing ways to detect unauthorized AI wares
• Establishing effective access controls
• Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

• The asset’s description
• Information about its AI models
• Information about its data sets and data sources
• Information about the tools used for its development and deployment
• Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
• Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

To get more details, read:

• The full “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper
• A complementary slide presentation
• The CSA blog “Shadow AI Prevention: Safeguarding Your Organization’s AI Landscape”

For more information about AI security issues, including shadow AI, check out these Tenable blogs:

• “Do You Think You Have No AI Exposures? Think Again”
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood”
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach”
• “6 Best Practices for Implementing AI Securely and Ethically”
• “Compromising Microsoft's AI Healthcare Chatbot Service”

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

To get more details, read:

• The “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers” guide
• The CISA alert “CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes”

For more information about secure software updates:

• “Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design” (Tenable)
• “The critical importance of robust release processes” (Cloud Native Computing Foundation)
• “Software Deployment Security: Risks and Best Practices” (DevOps.com)
• “Software Updates, A Double-Edged Sword for Cybersecurity Professionals” (Infosecurity)
• “DevOps Best Practices for Faster and More Reliable Software Delivery” (DevOps.com)

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

To get more details, read:

• The report’s announcement “Cybersecurity success hinges on full organizational support, new CompTIA report asserts”
• CompTIA’s blogs “Today’s top drivers for cybersecurity strategy” and “Cybersecurity’s maturity: CompTIA’s State of Cybersecurity 2025 report”
• The full “State of Cybersecurity 2025” report

For more information about data security posture management (DSPM) and preventing AI-powered attacks, check out these Tenable resources:

• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” (on-demand webinar)
• “The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy” (blog)
• “Mitigating AI-Related Security Risks” (on-demand webinar)
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

• Using programming languages considered “memory unsafe”
• Including user-provided input in SQL query strings
• Releasing a product with default passwords
• Releasing a product with known and exploited vulnerabilities
• Not using multi-factor authentication
• Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

To get more details, check out:

• CISA’s announcement “CISA and FBI Release Product Security Bad Practices for Public Comment”
• The full document “Product Security Bad Practices”

For more information about how to develop secure software:

• “Tenable Partners with CISA to Enhance Secure By Design Practices” (Tenable)
• “Ensuring Application Security from Design to Operation with DevSecOps” (DevOps.com)
• “What is application security?” (TechTarget)
• “Guidelines for Software Development (Australian Cyber Security Centre)

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

• Aren’t shipped with known exploitable vulnerabilities
• Feature a “secure by default” configuration
• Can fix their vulnerabilities via automatic software updates
• Offer access protection via control mechanisms, such as authentication and identity management
• Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

• “Cyber Resilience Act Requirements Standards Mapping” (ENISA)
• “The Cyber Resilience Act, an Accidental European Alien Torts Statute?” (Lawfare)
• “EU Cybersecurity Regulation Adopted, Impacts Connected Products” (National Law Review)
• “Open source foundations unite on common standards for EU’s Cyber Resilience Act” (TechCrunch)
• “The Cyber Resilience Act: A New Era for Mobile App Developers” (DevOps.com)

VIDEO

The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation) 

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

• Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
• Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
• Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
• Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
• Aim to provide a holistic view, and avoid using technical jargon.
• Aim to advise instead of to educate.

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

• Critical infrastructure’s unique threat vectors
• The convergence of IT/OT with digital transformation
• Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

• Define the surface to be protected
• Map operational flows
• Build a zero trust architecture
• Draft a zero trust policy
• Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

• The report’s announcement “New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure”
• The full report “Zero Trust Guidance for Critical Infrastructure”
• A complementary slide presentation

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “Tenable Cloud Risk Report 2024” (white paper)

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

• Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
• Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
• Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
• Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
• Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

• The announcement “Five Eyes Launch Shared Security Advice Campaign for Tech Startups”
• The main guides: 
  • “Secure Innovation: Security Advice for Emerging Technology Companies”
  • “Secure Innovation: Security Advice for Emerging Technology Investors”
• These complementary documents:
  • “Secure Innovation: Scenarios and Mitigations”
  • “Secure Innovation: Travel Security Guidance”
  • “Secure Innovation: Due Diligence Guidance”
  • “Secure Innovation: Companies Summary”

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

^{(Source: Vanson Bourne’s “AI Barometer: October 2024”)}

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

• “Do You Think You Have No AI Exposures? Think Again” (Tenable)
• “Shadow AI poses new generation of threats to enterprise IT” (TechTarget)
• “10 ways to prevent shadow AI disaster” (CIO)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (Tenable)
• “Shadow AI in the ‘dark corners’ of work is becoming a big problem for companies” (CNBC)

VIDEO

Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

• Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
• The importance of using strong MFA to secure users’ access to sensitive data
• The role of trusted devices in boosting and simplifying MFA
• Bad practices that weaken MFA’s effectiveness, such as:
  • Retaining weaker, password-only authentication protocols for legacy services
  • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

• The NCSC blog “Not all types of MFA are created equal”
• The NCSC guide “Multi-factor authentication for your corporate online services”

For more information about MFA:

• “Multifactor Authentication Cheat Sheet” (OWASP)
• “Deploying Multi Factor Authentication – The What, How, and Why” (SANS Institute)
• “How MFA gets hacked — and strategies to prevent it” (CSO)
• “How Multifactor Authentication Supports Growth for Businesses Focused on Zero Trust” (BizTech)
• “What is multi-factor authentication?” (TechTarget)

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

• Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
• Leverage advanced AI technologies to boost national security
• Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

• Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
• Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
• Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

• 4 in 10 state CISOs feel their budget is insufficient.
• Almost half of respondents rank cybersecurity staffing as one of the top challenges.
• In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
• More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:

• “What’s important to CISOs in 2024” (PwC)
• “The CISO’s Tightrope: Balancing Security, Business, and Legal Risks in 2024” (The National CIO Review)
• “State of CISO Leadership: 2024” (SC World)
• “4 Trends That Will Define the CISO's Role in 2024” (SANS Institute)

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

Selected responses categorized into 'helped', 'helped and harmed' and 'harmed'.

TORONTO – The Ontario Securities Commission (OSC) is inviting applications for membership on its Registrant Advisory Committee (RAC or the Committee).