Cybersecurity News Roundup: iOS 16.3 protections, the EU’s security commitment, and more

The latest developments in the cybersecurity industry deserve a closer analysis, particularly since they involve Apple, the EU and Google Chrome. I will start with our editors’ pick, Apple:

iOS 16.3 Security Update

Apple released its third update of iOS 16 this past Monday, Jan 23, which includes a brand new feature intended to strengthen the security of iPhone and iPad devices. The feature centers on the newly introduced ability to use security keys. This is the first time the company has permitted users to use physical security keys, a step forward that will make it easier to use two-factor authentication for Apple IDs. Unlike other forms of two-factor authentication, which rely on the traditional six-digit code, the security key itself serves as the second authentication factor. Apple describes the security key as a “small external device that looks like a thumb drive or tag, which can be used for verification when signing in with your Apple ID.”

While open to all users who install the new update, the feature will be especially helpful for individuals like government officials, celebrities, and journalists, who are often the targets of unique security threats such as social engineering scams and phishing. Apple has stated that only security keys from companies that are FIDO Certified will be allowed; examples in its press release included options from brands such as YubiKey and Feitian. This development is another contribution to Apple’s commitment to cybersecurity and device protection amidst a recent uptick in cyberattacks.


Instagram Control

Instagram’s parent company Meta announced a new update for the social media platform with several features that give users more customized control over their feed. These features include new settings that allow users to customize the posts they see by hiding posts that include keywords they would like to block.

The update also includes expanded parental controls that give parents access to details such as which accounts their kids are following and messaging, making it easier to monitor online activity on the app. These updates have been encouraged by lawmakers who have criticized the company for the lack of safeguards provided to vulnerable users on the platform.


Walmart Cybersecurity Investment

With an increase in online purchases and forecasted growth in its CapEx for 2023, Walmart has announced major investments in cybersecurity along with more widespread recruitment of cybersecurity professionals. The company made advancements in this area in 2022 with the hiring of 5,000 tech professionals across sectors like cybersecurity and software engineering, as well as the construction of “technology hubs” in locations like Bentonville, Arkansas. This new investment, however, will focus more heavily on encouraging company recruits to transition to technology as a means to lessen the shortage of cybersecurity professionals. The investment will also aid in expanding the automation of cybersecurity practices across Walmart’s sectors to increase efficiency and stability in guarding against attacks.

Four interesting facts about the cybersecurity industry

  1. It is estimated that there is a shortage of 3.4 million workers in the cybersecurity industry with many large companies now attempting to fill this gap.
  2. The average cost globally of a company data breach is about $3.9 million. This can have a tremendous negative impact on a company’s finances along with their reputation.
  3. Cybersecurity is a rapidly growing industry that is estimated to grow at a compound annual growth rate of 12.3% over the next decade. 
  4. Cybersecurity has been quickly expanding to help small businesses as well, due to the vulnerability of small to midsize businesses with regard to cyberattacks and outside security threats.


EU Cybersecurity Legislation 

The European Union recently introduced two new major directives meant to improve upon cybersecurity infrastructure across the region. These pieces of legislation have come about following threats made against the EU’s existing infrastructure in the past few years. The legislation is broken down into two key directives — the NIS 2 Directive and the CER Directive — both of which will target online and offline threats.

According to the European Commission’s description of NIS 2, the directive will “ensure a safer and stronger Europe by significantly expanding the sectors and types of critical entities falling under its scope.” Included are guidelines to increase the cybersecurity management requirements that companies in the EU are obligated to comply with, as well as strengthened incident reporting methods that will streamline the process and provide a better look into vulnerabilities impacting the economy. The directive also expands upon existing classifications of critical entities to now include sectors such as waste management, public electronic communications and networks, data center services, critical product manufacturing, and healthcare.

NIS 2’s counterpart, the CER Directive, serves as a replacement for the former European Critical Infrastructure Directive, which was first introduced in 2008. The directive includes new provisions to target threats in what is now a more complex landscape compared to that of 15 years ago. It will institute policies meant to make the EU more resilient to broader security threats ranging from terrorist attacks to natural disasters.


Google Devices Security Patch

Google has released security updates for several of its devices to help users protect against reported vulnerabilities that were recently identified. These updates were released this month to users of the company’s popular web browser, Google Chrome, along with its Android smartphone line. The security patch for Android, which was released to users in two parts on Jan 1 and Jan 5, protects against 60 vulnerabilities, including 19 defects that were found in the Framework and System components.

On Google Chrome, 17 security vulnerabilities were confirmed by the technical program manager of the service, Prudhvikumar Bommana. These vulnerabilities ranged from low to high criticality, but have since been patched with the rollout of the most recent Google Chrome security patch. Users can ensure that their Google Chrome is up to date with the newest patch by clicking the “about” icon from the dropdown help menu. It is recommended to install the new update as soon as possible to safeguard against data breaches or attacks that could accompany the vulnerabilities.