When a cybersecurity incident occurs, it's not just IT systems and data that are at risk — a company's reputation is on the line, too.

Source: Panther Media GmbH via Alamy Stock Photo

Question: What value do public relations experts bring to a company during a cybersecurity incident?

Ronn Torossian, founder, 5WPR: The threat of a cyberattack is ever-present, making cybersecurity a top priority for organizations of all sizes. But when a cybersecurity incident occurs, it's not just IT systems and data that are at risk — a company's reputation is on the line, too. This is where public relations (PR) can step in as a critical safeguard. A well-executed cybersecurity PR strategy can help contain the fallout of a cybersecurity breach, maintain stakeholder trust, and position the organization for recovery.

Here are five ways PR professionals can protect a company against damage from a cybersecurity incident.

**1\. Build Trust With Stakeholders Ahead of Time**

PR's role in a cybersecurity incident starts long before a breach happens. Proactive engagement with stakeholders builds a reservoir of goodwill to draw upon in times of crisis. Engagement includes providing regular updates on the company's cybersecurity measures, sharing tips for data protection, and offering insights into industry best practices.

For instance, tech giants like Cisco and IBM consistently communicate their cybersecurity initiatives, positioning themselves as leaders in the space. By doing so, they reinforce their commitment to security. This proactive approach helps set the stage for smoother communication during a crisis.

**2\. Communicate With Transparency and Speed**

The first hours of a cybersecurity breach are crucial. Prompt, transparent communication helps shape public perception and can significantly influence the level of trust that stakeholders place in the company. When an incident occurs, PR teams must work swiftly to inform customers, employees, and partners about what happened, what steps the company is taking, and what they should do next.

A classic negative case study is Equifax's 2017 breach, where delayed communication compounded the public's distrust. Companies that immediately acknowledge a breach and provide clear updates often regain trust faster. Transparency demonstrates accountability and commitment, both of which are key to repairing reputational damage.

**3\. Harness Social Media for Crisis Responses**

Social media is a double-edged sword in the wake of a cybersecurity breach. These digital channels amplify both the reach of the company's crisis communications and the spread of misinformation or negative sentiment. A strong social media strategy is essential for managing the narrative.

PR teams should use platforms like LinkedIn and other digital channels to provide real-time updates, address customer concerns, and reinforce the company's commitment to resolving the issue. These channels offer an opportunity to humanize the brand, which can help mitigate panic and frustration.

**4\. Bring in Cybersecurity Teams for Updates**

Effective crisis communication requires more than just PR expertise. Collaboration with IT and cybersecurity teams ensures that messaging is accurate, clear, and credible.

Cybersecurity experts lend authority to media briefings or stakeholder updates and signal that the situation is under control. PR professionals translate complex technical details into language that resonates with diverse audiences. This partnership helps build confidence in the organization's ability to manage and resolve cybersecurity incidents.

**5\. Rebuild Trust After an Attack**

Long-term organizational recovery from a cybersecurity breach depends on rebuilding trust, which is rooted in ongoing education and advocacy. PR teams can drive awareness campaigns that encourage both internal and external audiences to adopt better cybersecurity practices.

This might involve publishing blogs, hosting webinars, or participating in industry panels to share insights on navigating the evolving threat landscape. Advocacy for stronger industry standards or collaboration on public policy can further position the company as a thought leader committed to enhancing cybersecurity for all.

**About the Author**

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

How Can PR Protect Companies During a Cyberattack?

Efficiency is the name of the game for the security operations center — and 91% of cybersecurity pros say artificial intelligence and machine learning are winning that game.

Only 9% of cybersecurity professionals said that new artificial intelligence (AI) and machine learning (ML) tools have not improved their security operations center (SOC) functionality, according to Dark Reading's latest research on enterprise security. The vast majority of respondents saw noticeable rises in speed, accuracy, and efficiency — good news for those frontline workers.

In Dark Reading's Artificial Intelligence and Machine Learning in Cybersecurity Survey, an equal number of respondents (31%) said AI and ML tools contributed to SOC performance by improving threat detection, automating routine tasks, and speeding up responses to threats. All of these improvements directly reflect the value that automation brings to improving response accuracy and operational efficiency in the SOC.

One of the greatest challenges that SOC analysts face now is an overwhelming volume of false positives raised by their security tools. Analysts have to sift through system alerts and discern which ones are false positives and which ones are potential threats. The tediousness of that work can lead to missed warnings, slower incident response times, and dissatisfaction that can result in burnout. The good news is that AI and ML are perfectly suited for handling this kind of donkeywork.

In fact, 24% said that AI and ML tools improved their SOC operations by reducing the volume of false positives.

For 28% of Dark Reading respondents, AI and ML tools provided better visibility into security events, and 24% cited improved efficiency in handling security events. A quarter of respondents cited quicker response times from SOC personnel as a positive effect of these tools. AI and ML tools are gaining traction in enterprises, and these responses show those technologies are already making a positive impact on enterprise security posture.

For more on the impact of AI and ML on cybersecurity, download the Dark Reading report "The State of Artificial Intelligence and Machine Learning in Cybersecurity."

**About the Author**

It's Near-Unanimous: AI, ML Make the SOC Better

In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.

Source: Jakub Krechowicz via Alamy Stock Photo

A newly unveiled threat actor has been spying on mobile phones in Asia and Africa for more than four years. 

On Nov. 19, Adam Meyers, senior vice president for counter-adversary operations at CrowdStrike, testified before the US Senate Judiciary Subcommittee on Privacy, Technology, and the Law, on the subject of Chinese cyber threats to critical infrastructure. In the process, he unveiled Liminal Panda, an advanced persistent threat (APT) hyper-focused on gathering intelligence from telecommunications networks.

Since 2020, Liminal Panda has been using network-based attacks to penetrate and pivot between telcos across geographic regions, gathering SMS messages, unique identifiers, and other metadata associated with mobile phones that could be of political or economic use to the Chinese state.

**Liminal Panda's MO**

Though the aim is to obtain data transmitted over telecommunications channels, a typical Liminal Panda attack might look a lot like any regular network breach.

"Your cellphone has a radio that talks to a tower, called a base station controller. And those things are connected, typically, by Internet-type protocols — network technology," Meyers explained. Where some attackers might focus on the towers and their transmissions, Liminal Panda targets the IT network infrastructure underpinning the system. "They're going to go in through the gateway of the telco, and inside there's going to be a lot of traditional IT systems."

Once inside a telco's network — so often staffed by outdated legacy systems — Liminal Panda has tools for collecting call and text records and other sensitive identifying data on large groups or individual targets. "When you send a text message from your mobile device, it goes to the tower via SMS that gets passed back into the core of the telco. Routing decisions are made, and then it goes to the next destination," he says. Liminal Panda malware acts on that interim step.

To facilitate the exfiltration of that information, the group's command-and-control (C2) setup emulates the Global System for Mobile Communications (GSM). GSM is a mobile communications standard that enables calling, texting, and the use of mobile data, and is the most widespread such standard in the world, used in more than 193 countries.

**Hopping Between Telcos**

Besides attacking specific telcos, Liminal Panda has also been observed hopping between them.

"When you go from one part of the country to another, or when you go from one country to another, you need to have interoperability. And there's a lot of infrastructure that goes into making that happen," Meyers said. Thing is: The open lines of communication between telecommunications providers, and their infrastructure over long distances, can also be weaponized. "There are multiple threat actors from China who really understand how telecommunications infrastructure works. They understand how it's all connected together, and they're able to abuse that in order to go between providers."

Though its understanding of industry-specific protocols helps, Liminal Panda also jumps between providers simply by abusing the Domain Name System (DNS). By the end of a campaign, the group has often established multiple, redundant routes for traveling between providers.

**China's End Goals**

Oppressive governments have long used telecommunications breaches to spy on foreign officials, internal political dissidents, journalists, and academics. "All of these groups are targeting telcos to perform bulk collection, because it gives them the opportunity to then \[hone in on\] an individual — see who they're texting, who they're calling, who they're with," Meyers explained.

If Liminal Panda is indeed working on behalf of China, as CrowdStrike assesses with admittedly low confidence, then this sort of spying might have a dual economic benefit as well. In his Senate testimony, Meyers highlighted how major national projects like the Belt and Road Initiative, Made in China 2025, the 2035 Vision, the Global China 2049, and the country's regular Five-Year Plans provide impetus for economic espionage.

"If you're doing a deal in that region, I want to know who you're meeting with. I can collect that information, if you're sending text messages about the deal," he says. "Or I can intercept them if you're meeting with somebody that is politically problematic for me."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data

Cybersecurity investigators found the leaked data to be information from a third party, not Ford itself, that is already accessible to the public and not sensitive in nature.

Source: imageBROKER.com GmbH & Co. KG via Alamy Stock Photo

On Nov. 17, hackers that go by the aliases IntelBroker and EnergyWeaponUser claimed to have breached Ford customer records, laying out their "success" in a post on BreachForums.

The hackers claimed that they had stolen 44,000 Ford customer records that included names, physical addresses, and acquisition information. In truth, after making the data sample public, it was found that the data only included physical addresses of car dealers from around the world, data that is likely already public and not considered sensitive.

The initial claims, however, prompted an investigation by Ford, which determined that there was no breach of its systems or compromised customer data involved. The leaked information actually originated from a third-party supplier, according to the automotive giant.

This isn't the first time IntelBroker has pulled a stunt such as this; though its victims do suffer from some type of breach, the hacker's claims of its attacks' magnitude are often exaggerated. Nonetheless, it's important to carefully vet any hacker claims, according to Roger Grimes, data-driven defense evangelist at KnowBe4.

"Any stolen confidential information, like purchasing habits, is something that can be used in a targeted spear phishing attack to trick more potential victims,” he wrote in an emailed statement to Dark Reading. "So, you can't completely discount any data breach no matter how innocuous it first seems."

**About the Author**

Alleged Ford 'Breach' Encompasses Auto Dealer Info

Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.

Source: Shahid Jamil via Alamy Stock Photo

Apple has released security updates to address two zero-day vulnerabilities that are under active exploitation in the wild.

The bugs, tracked as CVE-2024-44308 (CVSS 6.8) and CVE-2024-44309 (CVSS 4.3), are, respectively, a vulnerability in JavaScriptCore that could lead to arbitrary code execution; and a cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack while processing malicious Web content.

The bugs affect Apple's iOS, iPadOS, macOS, visionOS, and the Safari Web browser; the company reports that it has addressed them with better checks and improved state management.

Clément Lecigne and Benoît Sevens at Google's Threat Analysis Group (TAG) first discovered and reported the vulnerabilities and, as is customary for the company, Apple did not provide any additional details of reported attacks nor did it offer indicators of compromise (IoCs).

"Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems," Apple stated its advisory for both zero-days, the lone piece of information regarding in-the-wild exploitation attempts.

Those using affected Apple ecosystem products should update to iOS 18.1.1, macOS Sequoia 15.1.1, and  iOS 17.7.2 as soon as possible to avoid compromise.

**About the Author**

Apple Urgently Patches Actively Exploited Zero-Days

If the US wants to maintain its lead in cybersecurity, it needs to make the tough funding decisions that are demanded of it.

Michael Daniel, President & CEO, Cyber Threat Alliance

November 20, 2024

5 Min Read

Source: Skorzewiak via Alamy Stock Photo

COMMENTARY

The term "government cybersecurity agency" probably conjures up a range of images, from men in dark suits to rooms filled with huge screens and people typing away at keyboards. It likely does not prompt people to think of a small underfunded agency in the Department of Commerce. Although organizations like the National Security Agency (NSA), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) receive the most attention regarding cybersecurity, many other government agencies perform critical cybersecurity functions and are chronically underfunded and short-staffed. 

The digital ecosystem can suffer far-reaching negative impacts if these agencies cannot perform their missions. If the US wants to maintain its cybersecurity edge, Congress must allocate appropriate funding for agencies across the cybersecurity ecosystem to protect networks and critical infrastructure. The Commerce Department's National Institute of Standards and Technology (NIST) and the National Vulnerabilities Database (NVD) provide an excellent case study for this problem. 

The NVD is a catalog of known IT software and hardware vulnerabilities that bad actors can exploit to carry out malicious activities, such as breaking into a network to steal data or accessing a control system to sabotage equipment. 

Software vendors, cybersecurity providers, and network operators want to know about vulnerabilities so they can patch them and prevent bad actors from exploiting them. The NVD serves as a foundation for almost all vulnerability analysis, assessment, management, or remediation activities in the US, the European Union, and throughout much of the world. 

The US government has operated the NVD since 1999 under NIST. A relatively small agency by US government standards, it has a well-deserved reputation for quality, industry collaboration, and integrity; its expertise in standards development is unparalleled. The agency plays an outsized role in the cybersecurity ecosystem due to the extensive use of its standards, guidelines, best practices, and other cybersecurity products. 

**How the NVD Started and Developed**

The NVD started as a research project. As the vulnerability management process evolved, NIST staff began adding certain data fields to the NVD entries, a process that became known as enrichment. As the number and importance of vulnerability tracking increased — and businesses and network operators increasingly relied on the data — maintaining the NVD and its enriched data became an essential operational requirement for cybersecurity across the entire ecosystem. NIST continued to manage the NVD, despite not being an operational agency.  

This status quo persisted until mid-February 2024, when NIST stopped enriching the NVD entries without much warning. 

While the reasons for the outage are not fully known, long-time observers assert that a lack of resources played into NIST's decision. This abrupt change created major problems across the cybersecurity ecosystem because so many organizations relied on the enriched NVD data for their vulnerability management systems. While the resulting outcry eventually forced the US government to cobble together a solution and restart the process, the decision to stop enriching vulnerabilities measurably increased global cyber-risk for several months. 

**The Problem: Widespread Underfunding of Government Security**

This process breakdown shows what happens when we rely on underfunded government organizations for critical Internet security functions. Unfortunately, the NVD is hardly an outlier. A review of executive orders, presidential guidance documents, and national strategies would show many new tasks for NIST, but decreased funding in the financial year 2025 budget. NIST isn't the only agency in this situation. The Environmental Protection Agency, the Coast Guard, and the Department of Agriculture all have cybersecurity missions and are critical players in increasing our cyber resilience. The State Department and the US Agency for International Development are also responsible for carrying out our cyber policies abroad. Yet the collective resource allocations for these agencies and programs don't reflect their contribution to our overall cybersecurity. The allocated resources are not commensurate with our national security, economic prosperity, and public health and safety needs. 

As a country, we should recognize the importance of these functions and resource them appropriately. We should also think critically about who performs these tasks; for example, in the case of the NVD, should a government research organization maintain a foundational operational capability, or should another agency take over the function? For that matter, we should consider whether a function should be moved out of the federal government to a private sector entity or nonprofit. 

The structures, policies, and resource allocations that worked when the Internet was a "nice-to-have" no longer suffice. Now that the Internet is a "critical function," underpinning public health, safety, and global economic prosperity, we need to invest in the cybersecurity capabilities needed to keep the Internet functioning. We must shoulder our responsibilities appropriately, including allocating sufficient resources to meet our collective needs. 

Unfortunately, the current approach to funding government agencies by continuing resolution simply compounds the resourcing problem. Continuing resolutions are better than a government shutdown, of course, but they are otherwise bad for cybersecurity. They keep agencies at the same funding level as previous years, making no changes for inflation or mission, and they do not permit agencies to start new programs. Their short duration creates uncertainty and effectively freezes the federal government in place. We need Congress to pass annual appropriations bills and provide the resources necessary for our cybersecurity. As the recent McCrary Institute Presidential Transition Task Force report states, "The misalignment between policy objectives and funding is a recurring issue that compromises the effectiveness of national cybersecurity efforts." That's why the report dedicates an entire section to funding and resource recommendations — without adequate resources, the best policies will not achieve their intended effects. 

The US is still a cyber superpower, but that status is not guaranteed to last — we could squander it. If the US wants to maintain its lead in cybersecurity, we need to act like adults and make the tough funding decisions that are demanded of us. Growing up is hard to do — but the alternative is very unattractive.

**About the Author**

President & CEO, Cyber Threat Alliance

Michael Daniel is president of the Cyber Threat Alliance and oversees the organization's operations. Prior to joining CTA in February 2017, Michael served from June 2012 to January 2017 as Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff. In this role, Michael led the development of national cybersecurity strategy and policy, and ensured that the US government effectively partnered with the private sector, non-governmental organizations, and other nations.

Small US Cyber Agencies Are Underfunded &amp; That's a Problem

An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.

Source: Jiraroj Praditcharoenkul via Alamy Stock Photo

A cybercriminal group is exploiting vulnerabilities in Internet of Things (IoT) devices and then turning a tidy profit by putting them up for sale on a residential proxy marketplace, where they can be turned into proxy botnets by state-sponsored advance persistent threats (APTs) and other malicious actors.

The gang, tracked as "Water Barghest," has already compromised more than 20,000 IoT devices, including small office and home office (SOHO) routers used by businesses, by using automated scripts to identify and compromise vulnerable devices, according to new research from Trend Micro. The threat actor, which has operated for more than five years (largely under the radar due to a sophisticated automation strategy) discovers vulnerable IoT devices from public Internet-scanning databases such as Shodan, the researchers noted.

Once Water Barghest compromises devices, it deploys proprietary malware called Ngioweb to register the device as a proxy — i.e., a network that puts an intermediary between a client and a server. Water Barghest then lists the device for sale on a residential proxy marketplace for other threat actors to purchase.

The entire cybercriminal process to enslave a target takes as little as 10 minutes, "indicating a highly efficient and automated operation," Trend Micro researchers Feike Hacquebord and Fernando Mercês wrote in the post.

**Selling Proxy Devices as a Cybercrime Business Model**

There is indeed a significant incentive for both espionage-motivated and financially motivated actors to set up proxy botnets to help hide where their malicious activities originate; Russia's Sandworm, for example, recently used the VPNFilter botnet and Cyclops Blink in activities against Ukraine that were elusive for a time before being ultimately disrupted by the FBI, according to Trend Micro.

"These \[botnets\] can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen or compromised online assets, and launch cyberattacks," the researchers wrote.

Threat actors can find any IoT device that accepts incoming connections on the open Internet using public scanning services, making it easy for them to compromise ones with known vulnerabilities, or even zero-days, for future use in malicious activities, they wrote. This makes it easy for threat actors like Water Barghest to exploit them for financial gain and further abuse, they added.

**Uncovering the Elusive Botnet-for-Sale Cyber Operation**

Trend Micro discovered Water Barghest's operation during an investigation of the Department of Justice's disruption of a Russian military intelligence botnet that Russian state-sponsored threat group Fancy Bear (aka APT28) used for global cyber espionage.

The researchers examined EdgeRouter devices that had been used by Sandworm, and eventually uncovered Water Barghest's Ngioweb malware and botnet. The group's infrastructure had been up and running for more than five years but had been able to evade detection by security researchers and law enforcement "because of their careful operational security and high degree of automation," the researchers wrote.

"They quietly erased log files from their servers and made forensic analysis more difficult," they wrote. "They removed human error from their operations by automating almost everything. They also removed financial traceability by using cryptocurrency for anonymous payments."

Water Barghest automates each step of the 10-minute process, from initially finding vulnerable IoT devices to ultimately putting them for sale on a residential proxy marketplace. The group first acquires known exploits for flaws in devices, then uses search queries on one of the publicly available Internet-scanning databases to find vulnerable devices and their IP addresses. It then uses a set of data center IP addresses to try the exploits against potentially vulnerable IoT devices.

When one works, the compromised IoT devices download a script that iterates through Ngioweb malware samples compiled for different Linux architectures. When one of the samples runs successfully, Ngioweb will run in memory on the victim’s IoT device, registering it with a command-and-control (C2) server, and then eventually sending it to be listed on a Dark Web marketplace.

Water Barghest has about 17 identities on virtual private servers that continuously scan routers and IoT devices for known vulnerabilities and also upload Ngioweb malware to freshly compromised IoT devices. In this way, Water Barghest has been running a profitable business "for years, with the worker IP addresses changing slowly over time," according to the Trend Micro analysis.

**Protecting SOHO Routers: Limit Exposure to Public Internet**

Trend Micro expects that both the commercial market for residential proxy services and the underground market of proxies will grow in the coming years due to high demand from both APTs and financial cybercriminal groups alike. This growth will pose "a challenge for many enterprises and government organizations around the world" to protect against the anonymization layers behind which these groups hide, the researchers wrote.

While law enforcement has been effective in disrupting proxy botnets, it's better to go directly to the source to combat the problem, and that can be done by addressing the security of IoT devices. Indeed, these devices are notoriously hackable, posing a problem for organizations that must manage increasingly larger networks of them.

"It is important \[for organizations\] … to put mitigations in place to avoid their infrastructure being part of the problem itself," the researchers wrote. They can do this, they added, by limiting the exposure of these devices to incoming connections from the open Internet whenever it is not business-essential.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse

Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.

Source: CG Alex via Shutterstock

Every night for five years, computers and network appliances from the headquarters of the African Union in Ethiopia — a facility built by Chinese firms — reportedly reached out to China-based systems and uploaded sensitive data. The espionage through the technology supply chain, which China's government denies, undermined the security of the pan-African organization.

The incident and more recent supply-chain breaches have underscored that reliance on foreign technological supply chains carries with it significant risks. While using a technology supply chain anchored in China was seen as a less constrained option than US and European options, the truth is that African nations need to evaluate the security of all their supply chains across applications, consumer devices, infrastructure, and service providers, according to a report published by the Africa Center for Strategic Studies, a research and academic center funded by the US Department of Defense.

"I don't think there's an African country that doesn't have some kind of interest in fostering a more robust technology industry and finding various ways to exert more ownership and agency over various aspects of the technology sector," says Nate Allen, associate professor at the Africa Center for Strategic Studies and the author of the report. "You are seeing increasing African interest in having more ownership and say over their technology supply chains."

Supply-chain security has become a major issue worldwide following malicious events, such as the WannaCry and NotPetya worms and the compromise of SolarWinds, as well as IT supply-chain failures, like this summer's CrowdStrike outage. The US government has voiced concerns over the extent to which US maritime ports are reliant on Chinese equipment and investment, and China has begun creating its own operating system and software ecosystem.

Similarly, African nations have become wary of information technology supplied by any number of foreign countries, including China, Russia, the US, and Europe. While African nations need the technology and investment, they are pursuing initiatives to reduce their reliance, says Mark Walker, vice president of data and analytics for the Middle East, Turkey, and Africa for IDC South Africa.

"The reality is that we live in a multidimensional, globally interconnected world, \[where\] development is reliant on significant capital investment and R&D to develop technology — often this is in limited supply across Africa," he says. "That said, many African nations are focusing on developing local software and technology skills in their populations to offset reliance on global players and also ensure that solutions are relevant to local market condition and needs. Education plays a significant role in this."

**China, US Dominate Africa's Tech Market**

Those efforts are still nascent, with the reality that the top technology suppliers in Africa come from China and the US. In mobile applications, for example, 36 of 2023's top-100 applications are from Chinese companies, while 23 are from US companies, according to a report from DataSparkle, a provider of data and analytics for emerging markets. Africa-based developers only account for only seven applications, mostly focused on digital cash and payment applications.

The US dominates the operating-system supply chain with Microsoft's Windows, Google's Android, and Apple's iOS dominating the field.

"If you're not China and you're not the United States, you just have a lot of dependencies in your technology supply chain, and there's no way around it — even to some extent, if you are China and the United States," ACSS's Allen says.

Yet, the 54 nations on the content have options. While foreign firms provide much of the technology, the African market continues to grow and the domestic technology sector continues to have the most insight into nation-by-nation needs.

"\[A\] detailed view of Africa’s technology sector reveals that it is not under the control of any one actor, and there are plenty of opportunities for Africans to assert agency," the ACSS report stated. "By further fostering diversity and competition within the tech sector, African governments can help mitigate the vulnerabilities that come from external actor influence."

**Future of Technology Supply Chains in Africa**

Companies entering the market should find ways to address the cybersecurity concerns of African customers, because if they don't, someone else will, says IDC South Africa's Walker.

"Competition is strong, and vendors are judged on their ability to supply relevant technologies and services at a fair price with solid \[local\] support structures," he says, adding that companies should understand "the local market dynamics, including economic and political realities and the local regulatory environments. Security issues faced in the Horn of Africa around Somalia are different to those faced in northern Nigeria and the Magreb, which again, differ significantly from southeast Africa."

Among incidents in Africa, Chinese hackers targeted Kenyan officials following the nation's trouble paying back loans from China, according to news reports published in 2023, while another incident involved a state-sponsored group targeting foreign-affairs ministries, embassies, and military forces in Africa in an operation dubbed Diplomatic Specter, according to a threat analysis published in May.

In addition, African officials have warned that an important technology supply chain for the continent — open-source software (OSS) — needs to be better secured to prevent malicious attacks.

"I don't think that Africans are naive, or any government around the world is naive — I think they know that, if you are being sold a technology product that is not domestically produced, then there's always going to be some kind of security risk there," says ACSS's Allen. "I think the question is, how can you mitigate that security risk?"

Companies working in the markets need to have an answer to that question, he says.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

African Reliance on Foreign Suppliers Boosts Insecurity Concerns

DeepTempo's Tempo is a deep learning-based Snowflake native app that allows organizations to detect and respond to evolving threats directly within their Snowflake environments.

Soure: Zoonar GmbH via Alamy Stock Photo

Organizations are harnessing artificial intelligence (AI) to boost their security teams' productivity and detect potential threats. DeepTempo emerged from stealth on Nov. 12 with Tempo, a deep learning-based Snowflake native app. Tempo helps security teams maintain data privacy and compliance while boosting enterprise defenses, the company in a statement. DeepTempo is integrating AI-powered security capabilities into an established cloud environment, in this case, Snowflake.

Organizations benefit from faster detection of attack indicators, including new and and evolving threats, within their Snowflake environments, the company said. They can also optimize security spending by running Tempo on existing security data lakes.

DeepTempo built and trained a log language model (LLGM) to detects anomalies in network traffic and other services. The algorithm was pretrained on large amounts of log data to focus on the pattern of events, including relative and absolute time. Tempo has been optimized to work with Netflow data, and the company is recruiting teams with similar logs, such as VPC Flow, as design partners. Interested security teams can try out with Tempo with a sample data set from the Canadian Institute for Cybersecurity and view the output in Splunk.

Along with detecting anomalies, Tempo provides additional context that can be used for security triage and response, such as looking up similar patterns from the MITRE ATT&CK framework and listing potentially impacted entities. Tempo also allows "organizations to keep more of their logs within Snowflake and use their SIEMs primarily for incident response rather than log storage," the company said. DeepTempo said a large financial institution projected savings of "several million dollars, representing up to 45 percent of their existing SIEM spending" by using Snowflake as its system of record and not relying on a separate security information and event management (SIEM) system.

"Tempo has demonstrated a unique blend of accuracy and practicality, with false positive and false negative rates lower than one percent after adaptation to a new user’s domain," the company said, noting that Tempo doesn't need to know the different attack patterns. "It simply recognizes when activities deviate from the norm, triggering detection for any threat that emerges."

DeepTempo Launches AI-Based Security App for Snowflake

RIIG is a risk intelligence and cybersecurity solutions provider offering open source intelligence solutions designed for zero-trust environments.

Source: Olekcii Mach via Alamy Stock Photo

As cyber threats get more sophisticated and the volume of attacks increase, organizations are looking at how artificial intelligence (AI) can help beef up defenses. RIIG, a risk intelligence and cybersecurity solutions provider, combines AI And machine learning technologies with network threat detection to provide risk intelligence. With access to 17 intelligence agencies and collaborations with commercial partners, RIIG provides organizations with high-quality, verifiable data and advanced intelligence, the company said in a statement.

Charlottesville-Va.-based RIIG, which emerged from stealth today, specializes in "white hat data trust services" and offers open source risk intelligence for zero-trust environments, the company said. RIIG offers both risk intelligence offerings, such as open source intelligence, regulation, and forensics, as well as cybersecurity solutions, such as vulnerability assessments, strategic implementation, and tech validation. 

RIIG plans to partner with local academic institutions for access to industry-leading research and talent. 

The company also announced it raised $3 million in seed funding, led by the Felton Group. The funds will be used to accelerate product development and expand client support.

**About the Author**

Source

DARKReading