Wide-ranging MOVEit hack and other cybersecurity news to know this month

The US Department of Health and Human Services and the US Department of Energy were among those targeted by a widespread hacking spree that exploited a weakness in the file transfer platform MOVEit Transfer.

Russia-linked extortion group Cl0p has claimed responsibility for the hack, which also affected entities including energy giant Shell, British Airways, broadcaster the BBC, and law firms Kirkland & Ellis LLP and K&L Gates LLP.

Progress, the vendor of the MOVEit software, has issued advice on dealing with the vulnerability, including a patch.

The Council presidency and European parliament representatives have reached a provisional agreement on new rules around fair access and use of data in the European Union (EU). The EU Data Act aims to harmonize laws around who can use data and stimulate a competitive data market.

However, the rules have been criticized by businesses and tech firms, which cite concerns around data flow, contractual freedom and cybersecurity.

"The Data Act will place European industry at a disadvantage by forcing it to give up hard-earned data and restricting contractual freedom, potentially leading to a new wave of de-industrialization and posing risks to our cybersecurity," said Cecilia Bonefeld-Dahl, director general of DIGITALEUROPE, a representative body for the digital technology industry.

Viet Nam has told social media companies they must use AI models to automatically detect and delete "toxic" content, in an extension of its stringent platforms operating in the country. Facebook, YouTube and TikTok have repeatedly been asked to work with authorities to stamp out offensive or false content.

Australia has appointed its first cybersecurity chief in a bid to address a series of major data breaches and enhance security capabilities. Air Marshal Darren Goldie, a 30-year veteran, has been named the country's national cybersecurity coordinator. This news comes just over one year after Australia became the first G20 nation to have a dedicated Cybersecurity Minister. The government has also recently reformed security rules and set up an agency to help coordinate responses to hacks.

Australia's banking regulator has told insurer Medibank it must set aside A$250 million ($167 million) after weaknesses were found in its information security after hackers targeted it. The personal records of 9.7 former and current customers were released on the dark web last year in one of the country's biggest data thefts. At least three separate class actions have been filed against the company.

US President Joe Biden has published his administration's National Cybersecurity Strategy Implementation Plan. The plan details more than 65 high-impact federal initiatives, from protecting American jobs by combatting cybercrime to building a skilled cyber workforce equipped to excel in today's digital economy.

Companies need to focus on building robust cybersecurity programmes as the world becomes increasingly digital. But clear and frequent communication is often lacking. Here's how security professionals can create tighter bonds with critical stakeholders – across their organization and beyond.

New research suggests the education and research sector is the most frequent target of cyberattacks, suffering over 2,500 on average per week at the start of 2023.

The Council on the Connected World, a multistakeholder collaboration facilitated by the World Economic Forum has established a set of recommended requirements for Internet of Things devices. It is looking to address the lack of consensus around their use, as well as concerns over privacy, security, interoperability and equity.