Indian government officials say they may delay enforcement of the new Digital Personal Data Protection Act to give small businesses and healthcare organizations more time to comply. A decision on the deadline will come sometime after the appointment of a Data Protection Board in the next 30 days.
Microsoft said Chinese state-affiliated groups have stepped up cyberattacks in 2023 against countries in the South China Sea region - even hacking telecom firms to steal call records for cyberespionage. The most active group, Raspberry Typhoon, targets governments, militaries and infrastructure.
Enterprises are grappling with constantly changing technologies and new stakeholders, making it hard for security teams to achieve both cyber maturity and long-term sustainability. Standardization plays a critical role in cyber resilience, said Sunil Varkey, former CISO of Wipro and Idea Cellular.
The Ukraine war underscores the threats posed by cyberwarfare. India faces its own threats, which means public and private sectors need to work together to defend against nation-state attacks, according to retired Lt. Cdr. Antony KM, vice president of internal audit and cybersecurity at NAB India.
A spate of high-profile ransomware attacks shows that the Asia-Pacific region is squarely in the crosshairs of cybercriminal groups, and some fear that attackers are turning to smaller, regional businesses even less prepared to defend themselves. Expert weigh in on defensive strategies.
Growing reliance on both AI and generative AI is posing new challenges to CISOs. For example, CISOs have limited visibility into how certain large language models were packaged, making it difficult for them to spot security and privacy risks, said Chandan Pani, CISO at LTIMindtree.
China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.
A major ransomware attack on the Sri Lankan government's cloud infrastructure compromised approximately 5,000 government email accounts and wiped out numerous emails that had not been protected by offline backups. The agency said some employees lost three months of email messages.
Cybersecurity researchers at Symantec said a cybercriminal entity with possible ties to the Chinese government used the ShadowPad Trojan to target an Asian country's national power grid earlier this year. The Redfly APT group focused on stealing credentials and compromising multiple computers.
Cybercriminals have found a new opportunity to exploit retail investors - a popular target among individuals looking to diversify their income. Researchers at Group-IB discovered an ongoing global investment scam that uses fake money-making investment schemes to lure investors.
More than a one-fourth of Indian organizations suffered over $2 million in losses to cyberattacks in the past year as a result of a lack of skilled cybersecurity workforce and funds, according to a recent survey by cloud cybersecurity vendor Cloudflare.
One-fourth of APAC healthcare organizations over the past year paid a ransom to recover encrypted files and systems, and a greater share incurred losses exceeding $1 million to cyberattacks. A survey by cybersecurity firm Claroty found that defenders are understaffed and using outdated technology.
While the problems of money laundering and mule accounts continue to haunt the financial industry, fintechs are using AI to a large extent to mitigate the problem, said Kawin Boonyapredee, a member of the Cyber Risk Subcommittee for the Singapore FinTech Association.
Japanese government investigators say cybercriminals are employing a new technique that tricks users into downloading malicious Word files disguised as harmless PDFs. Japan's Computer Emergency Response Team warned that the "maldocs" attack can bypass traditional malware detection.
The BlackCat group on Monday claimed responsibility for a ransomware attack on Japanese watchmaker Seiko, publishing samples of stolen data files as proof of its exploit. Seiko Group Corp. announced earlier this month that it had detected unauthorized users accessing of some of its servers.