Latest news: Cybersecurity in packaging

The UK government has announced that Chinese state-affiliated organisations and individuals were responsible for two cyber campaigns aimed at democratic institutions and parliamentarians.  

This revelation, supported by international allies, highlights ongoing concerns about cyber activities targeting democratic processes.  

Partners across the Indo-Pacific and Europe have expressed their support for the UK's efforts to address these malicious activities. 

Electoral commission systems likely compromised 

The UK's National Cyber Security Centre (NCSC), part of GCHQ, has assessed that the UK Electoral Commission systems were likely compromised by a Chinese state-affiliated entity between 2021 and 2022.  

This attack forms part of a broader pattern of cyber activities aimed at undermining democratic institutions.

In a major step forward for national cybersecurity, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) is now in full swing. This updated law is changing how cyber threats are reported in the United States. 

Signed into law on March 15, 2022, CIRCIA requires certain organisations to report cyber incidents within 72 hours and ransomware payments within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA).  

These strict timelines aim to strengthen the protection of critical infrastructure against growing cyber threats. 

ECSO, the European organisation for cybersecurity, comprising over 300 members, has shared its views on the recently published NIS2 Implementing Act.  

While acknowledging the progress towards enhancing cybersecurity across Europe, ECSO has identified several areas of concern and provided recommendations to improve the Act's effectiveness. 

Concerns over implementation costs and requirements 

One of the primary concerns raised by ECSO is the potential for excessive and disproportionate costs associated with implementing the cybersecurity requirements outlined in the Act.  

The organisation emphasises that cybersecurity measures should be risk-based and tailored to the specific threats and vulnerabilities faced by individual entities.  

This approach would help avoid unnecessary financial burdens on organisations while ensuring adequate protection against cyber threats. 

Organisations in the UK have been provided with new guidance to handle ransomware incidents, a significant threat in the current cybersecurity landscape.  

The guidance, developed jointly by the National Cyber Security Centre (NCSC) and insurance industry bodies ABI, BIBA, and IUA, aims to assist organisations and their partners in responding effectively to ransomware attacks. 

Understanding ransomware threats 

Ransomware attacks involve cybercriminals gaining unauthorised access to a network, encrypting data, and demanding a ransom, often in cryptocurrency, for a decryption key.  

These attacks pose a serious threat to organisations, often resulting in significant disruption and potential data breaches.