This week’s Cyber Pulse Mid-Week Briefings cover Australia’s new Cyber Security Bill, rising ransomware claims, Zscaler's AI-driven platform growth, and cyber threats from East Asia, including Chinese influence operations, North Korean tech theft, and costly global data breach claims.
Visa boosts AI fraud detection with Featurespace acquisition, lifting its stock; Experian expands Latin American security by acquiring ClearSale; Booz Allen shares cyber expertise at Singapore International Cyber Week; Torq secures $70M for global growth; SentinelOne and Okta shine in top awards.
With OpenAI’s shift to a $157 billion for-profit model, CEO Sam Altman maintains its mission to "benefit humanity." However, as investors seek high returns and Altman stands to gain equity, doubts arise over who truly benefits from OpenAI’s growth—society or its shareholders?
ENISA released a study on 'Best Practices for Cyber Crisis Management,' aligned with the NIS2 Directive. This initiative strengthens EU cybersecurity and enhances cooperation, reinforcing the EU's role in global cyber resilience.
Strengthening Global Cyber Resilience: Insights from the EU’s Strategic Cybersecurity Initiatives
Acknowledging the complexities and disruptions brought forth by global geopolitical tensions, the European Union is stepping up its efforts to create a stronger and more cohesive cyber crisis management framework.
This move is in direct response to the urgent need for more sophisticated strategies to deal with the challenges posed by a future that is becoming ever more competitive and fraught with conflict. To this end, the European Union Agency for Network and Information Security (ENISA) has unveiled a detailed study entitled ‘Best Practices for Cyber Crisis Management’.
This document serves as a comprehensive guide aimed at enhancing the ability of EU Member States to effectively prepare for and manage cyber crises.
This crucial document, designed to improve crisis management capabilities, was carefully prepared for the EU Cyber Crisis Liaison Organisation Network (CyCLONe) and has now been released for public access.
By doing so, the EU demonstrates its dedication to spearheading efforts to strengthen cybersecurity defences on a global scale and to foster a unified and robust response to the cyber threats that emerge amidst geopolitical conflicts.
The release of this study is a testament to the EU's proactive approach in addressing the intricate dynamics of cyber security and crisis management in today’s interconnected world.
The study delves into the intricate nature of what constitutes a cyber crisis and explores the inherent subjectivity involved in classifying a large-scale cyber incident as such.
It emphasises that the transition from an incident to a crisis is often influenced by political considerations and is significantly dependent on the risk levels that EU Member States are willing to accept.
This nuanced understanding underscores the complexity of cyber crisis management and highlights the critical need for a strategic, adaptable framework that can accommodate the diverse perspectives and security thresholds of EU nations.
Built upon the first directive on Network and Information Security (NIS) that was set in 2016, the NIS2 entry into force marks a transformative period in the field of cybersecurity in the EU due to the new, upgraded provisions and obligations for Member States to incorporate into their national legislation.
The European Union Agency for Network and Information Security (ENISA) has significantly bolstered the cybersecurity infrastructure of its Member States and beyond.
Through the initiation of the Cybersecurity Support Action in 2022, ENISA aims to diminish the risks stemming from large-scale cybersecurity incidents, representing a crucial development in Europe's unified approach to addressing cyber threats.
This week marked a significant milestone as ENISA released its study on 'Best Practices for Cyber Crisis Management.' This publication, designed to enhance preparedness for crisis management, was developed specifically for the EU Cyber Crisis Liaison Organisation Network (CyCLONe) and has now been made publicly accessible.
Such an initiative is of paramount importance, considering the surge in cyber attacks targeting critical national infrastructure not just within the EU, but globally.
Furthermore, the increasing complexity and frequency of these cyber attacks, akin to acts of cyber warfare, are causing widespread repercussions. High-profile incidents in countries such as the United Kingdom, Australia, the United States, Canada, and throughout the Pacific region are intensifying geopolitical tensions and underscore the pressing need for an all-encompassing strategy for cyber crisis management. This strategy is crucial to mitigate the impacts of such threats and safeguard global stability in an increasingly interconnected world
A Unified Approach to Cybersecurity and Crisis Management
The study outlines the framework and circumstances with cyber crisis scenarios and proposes a series of best practices that will enable the transition into the new requirements of NIS2 Directive, the EU-wide legislation on cybersecurity. The study aims to bring a heterogeneous ecosystem towards stronger harmonisation.
The strategic direction undertaken by ENISA, underpinned by the implementation of the NIS2 Directive, signifies a concerted effort to streamline and enhance the cybersecurity posture of the European Union.
Juhan Lepassaar, the Executive Director of ENISA, emphasised the importance of this initiative:
"Sharing best practices for Member States is a step in successfully strengthening cyber crisis management. This report serves as a tool to assist with implementing the provisions of the NIS2 Directive. Crisis management processes for business continuity are paramount.”
This statement underscores the agency’s commitment to bolstering the EU’s digital defence mechanisms through collaboration and knowledge-sharing.
The establishment of the Cyber Crises Liaison Organisation Network (EU-CyCLONe) and the EU CSIRTs Network as part of the NIS2 Directive highlights a key change in the EU’s cybersecurity strategy.
These networks are instrumental in fostering operational cooperation and enhancing the capacity for cyber crisis management across Member States. By facilitating a coordinated response to cyber incidents, the EU not only strengthens its internal security infrastructure but al.
In short, EU-CyCLONe enables rapid cyber crisis management coordination in case of a large-scale cross-border cybersecurity incidents or crises in the EU by providing timely information sharing and situational awareness among competent authorities. The group supports the cooperation among MS, in particular through the regular exchange of information between and among MS and EUIBAs
Operational Best Practices For Cyber Crisis Management Within The EU
This section outlines fifteen operational best practices for managing cyber crises within the European Union. Aligned with the NIS2 directive, specifically referencing Article 9 on 'National cyber crisis management frameworks' and Article 16 concerning the 'European cyber crisis liaison organisation network (EU-CyCLONe)', these best practices have been successfully implemented and validated either within one of the Member States (MS) or at the EU level.
Furthermore, each has been publicly communicated, ensuring transparency and accessibility. Every best practice is accompanied by a practical example from an MS, an evaluation of its impact on enhancing cyber crisis management at the operational level across the EU, prospective developments, and its alignment with the goals of NIS2.
This compilation not only serves as a valuable resource for entities aiming to refine their cyber crisis management strategies but also contributes to the broader objectives of NIS2, thereby reinforcing the EU's leadership in global cybersecurity governance.
The EU’s leadership in integrating crisis management education into the broader cybersecurity strategy sets a global benchmark. It is a testament to the understanding that the fight against cyber threats is not limited to technological solutions but extends into the realms of education, policy-making, and international cooperation.
With OpenAI’s shift to a $157 billion for-profit model, CEO Sam Altman maintains its mission to "benefit humanity." However, as investors seek high returns and Altman stands to gain equity, doubts arise over who truly benefits from OpenAI’s growth—society or its shareholders?
Japan is racing to develop "unbreakable" quantum encryption by 2030. Chinese hackers breached US wiretap systems, Japan is tackling AI deepfake scams, and China is advancing silicon photonics to evade US tech bans. The cybersecurity competition is intensifying.
Google is investing $1 billion in Thailand to expand AI and cloud infrastructure, while Meta is setting up manufacturing for its Quest 3S in Vietnam. Both moves position Southeast Asia as a key player in the global AI arms race, with tech giants racing to dominate the region’s digital economy.
Governor Gavin Newsom vetoed Senate Bill 1047, which would have enforced strict safety measures for AI models with over $100M in funding. He argued the bill’s focus was too broad and advocated for more targeted AI regulations that address risks from smaller, less costly systems.