Top 10 cyber security stories of 2023 – ComputerWeekly.com

Sikov – stock.adobe.com
The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides. It was also a year in which governments around the world, but especially in the UK and US, started to flex their muscles in terms of active engagement in cyber security.
And in the end, it was probably geopolitical concerns that dominated the security news agenda. 2023 saw the emergence of a new class of threat actor determined on causing indiscriminate chaos, continuing Russian attempts to manipulate the political process, and massive exploitation of vulnerabilities by Chinese threat actors in the service of industrial espionage.
Here are Computer Weekly’s top 10 cyber security stories of 2023.
Towards the end of January the NCSC warned of a persistent campaign of hostile state-backed cyber attacks against UK political targets, journalists and other prominent individuals. The attacks, originating from Iran and Russia, sought to gather intelligence and undermine the political process. Later in the year the NCSC was able to firmly attribute the Russian activity to a group going by the name Star Blizzard.
Huge public interest in generative artificial intelligence (AI) and the large language models (LLMs) that underpin them ensured that tools like ChatGPT dominated the entire tech news agenda in 2023. Some were quick to exploit this interest to spread fear, uncertainty and doubt about AI as they tried to prove that only their organisation had the answer to the potential cyber problems it poses, but the NCSC called for a more balanced approach.
February 2023 marked a grim milestone as the first anniversary of Russia’s devastating war on Ukraine passed. Ukraine’s cyber defenders provided a masterclass in resilience during 2022 and 2023, and Computer Weekly took the temperature of the security community to find out what lessons we can all take away from their experience.
The risks inherent in social media platforms have been well known for some years now, but with the landscape in flux in 2023 amid seismic change at Twitter, and growing concern over alleged Chinese influence on TikTok that culminated in a ban on the service’s use on UK government devices, the issue of managing what we share online, both as private individuals and representatives of organisations, never seemed more pertinent.
The NCSC’s annual conference always generates headlines, and this year’s event in Belfast opened with a call for collaboration across the security industry, and a reminder not to succumb to complacency, from the organisation’s CEO Lindy Cameron. In her opening keynote, Cameron spoke of a multitude of challenges, from emerging technologies, to insecure software and hardware design, to cyber crime and state threat actors, and urged people to come together to address them.
Threats to government departments and related bodies being magnified in recent years, this year saw the launch of the enhanced GovAssure cyber security regime, run out of the Cabinet Office, which set out to better protect the IT systems that underpin the UK’s public services. Among other things, the scheme will see the imposition of annual, more robust cyber security audits.
There was embarrassment for some after a patch for a vulnerability found in Barracuda Networks’ email security gateway (ESG) product failed to work properly, meaning that users of at-risk hardware had to remove their appliances from service and seek a replacement. It subsequently emerged that the vulnerability in question was being heavily exploited by Chinese threat actors.
China was on Microsoft’s mind too, after it emerged that an advanced persistent threat (APT) actor was able to hack US government email accounts using a Microsoft account consumer signing key. The fall-out saw Microsoft heavily criticised by American politicians.
With supply chain security still a key concern across the business world, 2023’s DEF CON hacking convention saw the publication of multiple vulnerabilities in key datacentre power supply and management products underpinning the world’s public cloud infrastructure. Although the affected products are little known to the layperson, such is their ubiquity that had they been chained and exploited, some of the biggest hyperscale players could have seen their services topple over.
The NCSC’s annual report this year detailed the emergence of a new class of cyber threat actor that is ideologically, rather than financially, motivated. Such groups are becoming increasingly emboldened to act with impunity, have a higher risk appetite, and may not be able to fully understand or control the impact of their actions, rendering them an extraordinary threat.
Quantum computing shows great potential for faster problem-solving, among other benefits. Discover key areas where the enterprise…
What’s happening in the metaverse? More than you might think. Read about three areas for growth, the concept of spatial computing…
The White House wants to divide regulatory authority for new commercial space industry activities between the DOC and DOT, a move…
Ransomware attacks against U.S. organizations hit record levels this year as threat actors stepped up extortion tactics and took …
Web fuzzing provides automated web application testing, which enables security teams to discover vulnerabilities within web apps …
Our panel of experts picked the best free and paid online cybersecurity courses for working professionals looking to advance …
IP addresses and subnets are necessary for effective network communications. Learn how IP addresses and subnets work, and compare…
It’s not enough to build network automation workflows. It’s important to secure those workflows, as well. Access control, …
Despite early discussions about the potential of Wi-Fi 7, many enterprises are still catching up with the rapid pace of Wi-Fi …
Discover and compare the leading vendors in server hardware with these in-depth overviews of the blade, rack and mainframe …
DCIM tools can improve data center management and operation. Learn how six prominent products can help organizations control …
Lenovo has added the latest generation of Intel CPUs to new ThinkSystem servers and ThinkAgile HCI appliances to better address …
The longtime analytics vendor continues to expand into data management, now adding capabilities that enable a decentralized …
The data cloud vendor’s purchase aims to give users a way to share data with partners and collaborate on decisions without …
Organizations typically approach data governance with top-down or traditional approaches. Consultant Robert Seiner discusses what…
All Rights Reserved, Copyright 2000 – 2023, TechTarget

Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *