US introduces new data rules, and other cybersecurity news to know this month

The United States Justice Department has put forward new rules to protect federal government and Americans' bulk data from foreign access through placing new limits on certain business transactions, says Reuters.

The proposal implements an executive order from earlier this year that aims to keep foreign states from accessing American financial and genomic data and health data for cyberattacks, espionage and blackmail.

The financial damage caused by cybercrime in the US reached a new record of $12.5 billion last year, reports Statista.

The rules - including a ban on transferring the geolocation data on over 1,000 US devices - would apply to China, Russia, Iran, Venezuela, Cuba and North Korea.

Those behind the plans said that transactions would be banned with data brokers who know information will end up in 'countries of concern'.

A new study shows that Mexico faced more than half of all cyber threats in Latin America in the first half of this year.

The research, by cybersecurity firm Fortinet, found that the country faced 31 billion cybercrime attempts in the first six months of this year - equivalent to 55% of all those faced in the region.

While the numbers are high, Fortinet says they also represent a slowdown from the previous year which saw a total of 94 billion cyberattacks.

Fortinet's Mexico chief said the country faces more attacks than other Latin American countries as a result of its proximity and commercial ties to the United States.

New Mexican President Claudia Sheinbaum has said she will create a cybersecurity and artificial intelligence centre.

Commercial cyber insurance rates fell 6% globally in the third quarter of 2024, according to new data. It's part of overall declines in global commercial insurance rates, and represents the same rate of decrease for cybersecurity as the previous two quarters of 2024.

The European Union's nominated head of tech sovereignty and security has said she will prepare a new AI and Cloud Development Act to close the 'productivity gap' between the bloc and the US and China. The Act would also focus on energy-efficient technology, large-scale investment and security of supply and cybersecurity.

The UK has sanctioned 16 members of the Russian cybercrime gang Evil Corp, which it said was used by Russia in operations against NATO allies.

A report from the United Nations Office on Drugs and Crime has warned that Pacific Island nations are at risk of becoming bases for global criminal gangs, including those involved in cybercrime.

A Microsoft blog has warned that an Iranian hacking group is actively scouting US election-related websites and media outlets, suggesting preparations for more "direct influence operations".

A new report has said that India could face nearly 1 trillion cyberattacks each year come 2033, and by 2047 that figure could rise to 17 trillion. Last year the country faced 79 million. However, in the first quarter of 2024 alone, India was hit by 500 million incidents.

Marlink's Security Operations Center on cybersecurity threats report has outlined the most detected cybersecurity threats in the first half of this year. Initial access tactics - for example phishing fraud - topped the list, followed by Command and Control.

Complexity in cybersecurity reduces visibility and increases vulnerability to human errors and attacks. Dorit Dor, of Check Point Software Technologies, explains in this blog that consolidating tools into a unifed platform can elimate blind spots.

While quantum computing brings significant opportunities - it also brings cybersecurity risks. The new NIST post-quantum cryptography (PQC) standards are an important stepping stone on the transition to a quantum-secure economy, say experts from the Forum and Deloitte.

Software updates play a crucial role in upholding cybersecurity and require proactive planning, explain Lars Couwenberg and Sameer Mehta, but they can also introduce new vulnerabilities. A new study explores this complex relationship.