NIS2 delays, healthcare breaches & improved Trust Center: Cyberday product and news summary 5/2025 🛡️
Part of the ISO 27001 collection
Part of the NIS2 collection

This is the May news and product review from Cyberday and also a summary of the latest admin webinar. Our next admin webinar, where we will go live, will take place in fall 2025. You can register for the webinar on our webinars page closer to the date.

News round-up 5/2025

NIS2 delays shouldn’t cause inaction

Article from pinsentmasons.com

The EU’s NIS2 Directive is moving slowly through national legislation, with 19 out of 27 countries missing the transposition deadline on May 14th. That delay affects the specifics of national rules, but not the obligations companies are expected to meet. The directive itself lays down minimum requirements, and while local versions may add to these, the core expectations won’t change. The European Commission has already issued a formal warning called a "reasoned opinion", giving countries two months to respond or face possible fines. Transposition likely won’t be fully complete until late this year at the earliest, but that doesn’t mean companies should wait to act.

Taking a “wait and see” approach might feel safe, but it’s risky from both a compliance and a cybersecurity perspective. Yes, some details are still in flux, but the direction is clear, and the obligations are real. Doing nothing now could leave organisations scrambling once national laws land. Instead, businesses should start preparing: map their risk exposure, educate internal teams, and put flexible compliance plans in place. NIS2 isn’t just a regulatory burden, but a chance to raise your cybersecurity baseline. And with today’s threat landscape, that’s a smart move regardless of the legal timeline.

Kettering Health hit by system-wide outage after ransomware attack

Article from bleepingcomputer.com

A recent cyberattack on Kettering Health in Ohio caused widespread impact across the organization’s 14 hospitals and over 120 outpatient facilities, disrupting vital systems including patient care platforms and the call center. As a result, elective inpatient and outpatient procedures were canceled and appointments delayed, while emergency services continue to operate. To make matters worse, scammers have exploited the situation by impersonating Kettering staff to extract payments from unsuspecting patients. The organization has paused all billing calls for safety and urged patients to report suspicious activity.

Recovery from the incident is ongoing and slow, with IT teams collaborating closely with cybersecurity experts and law enforcement to restore operations. While Kettering has not confirmed the nature of the attack, cybersecurity firm PRODAFT attributes the breach to a threat actor known as Nefarious Mantis, linked to the Interlock ransomware group. This group has previously attacked healthcare and biotech organizations, using the Interlock RAT and ransomware to seize control of systems and exfiltrate sensitive data. The situation at Kettering highlights the growing threat ransomware poses to healthcare infrastructure where operational downtime can have real consequences for patient care. It’s a stark reminder for all industries, but especially healthcare, that cybersecurity resilience must be treated as a frontline priority.

This article highlights the growing threat to healthcare infrastructure and the urgent need for stronger cybersecurity preparedness and response.

Sophisticated Phishing via NPM and AES

Article from darkreading.com

A recent phishing attack targeting Microsoft 365 users used a uniquely complex approach, combining multiple advanced techniques in a single attack, something researchers have not previously seen used together. According to security analysis, the phishing email disguised itself as a DocuSign notification, containing an attachment encrypted with AES. Upon opening, the attachment reached out to a well-known CDN (such as Cloudflare or Google Cloud) and executed a malicious npm package. This JavaScript-based package directed the victim through a chain of redirects, ultimately landing on a convincing but fake Microsoft 365 login page designed to steal credentials.

What makes this attack particularly dangerous is that it bypassed traditional detection systems despite using no obvious obfuscation. Instead, the attacker relied on encryption, a trusted CDN, and poisoned open-source software to blend in with legitimate traffic. It's a clear signal that defenders must evolve their strategies, watching for subtle indicators like encrypted files in emails and niche, low-volume phishing tactics. While the infrastructure used in this specific attack has since been taken down, the implications are broad: threat actors continue to innovate, and security teams must be equally agile. This case also underlines the importance of a dedicated ISMS team and structured internal security processes - something Cyberday will soon support more comprehensively.
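As an added example (written for this summary, not code from the article or from Cyberday), here is a small mail-gateway style check of the kind the article's advice implies: it parses a constructed DocuSign-themed message and flags attachments whose byte entropy looks like ciphertext. The entropy threshold, the sample message and the sender-domain check are assumptions of this example.

```python
import math
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Bytes of AES ciphertext are close to uniformly distributed, so their entropy
# approaches 8 bits/byte. The threshold is an assumption, not from the article.
ENTROPY_THRESHOLD = 7.5

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, computed from the byte histogram."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def suspicious_attachments(raw: bytes) -> list:
    """Return attachments that look encrypted, noting whether the mail is a brand lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    _, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    # Brand named in the subject while the sending domain is not the brand's own
    brand_lure = "docusign" in subject and not domain.endswith("docusign.com")
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        ent = shannon_entropy(payload)
        if ent >= ENTROPY_THRESHOLD:
            findings.append({"filename": part.get_filename(),
                             "entropy": round(ent, 2), "brand_lure": brand_lure})
    return findings

def build_sample_email(encrypted: bool) -> bytes:
    """Constructed DocuSign-themed lure; the uniform blob stands in for ciphertext."""
    msg = EmailMessage()
    msg["From"] = "DocuSign <noreply@example-sender.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Completed: please review your DocuSign document"
    msg.set_content("Your document is ready. Open the attachment to review.")
    blob = (bytes(range(256)) * 16 if encrypted
            else b"Hello, this is an ordinary plaintext document.\n" * 80)
    msg.add_attachment(blob, maintype="application", subtype="octet-stream",
                       filename="Document.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    print(suspicious_attachments(build_sample_email(True)))   # one finding
    print(suspicious_attachments(build_sample_email(False)))  # []
```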

Phone satisfaction falls to 10-year low - and AI is only partly to blame

Article from zdnet.com

Smartphone user satisfaction has hit its lowest point in a decade, according to the latest American Customer Satisfaction Index, dropping from 82% to 78%. This is a significant decline after last year’s record high. This dip is largely driven by sluggish innovation, rising prices, and fewer compelling reasons to upgrade. Despite brands racing to introduce new features, users are increasingly frustrated with the lack of improvement in core functionalities like battery life, call reliability, and ease of use.

The study also highlights that AI enhancements have failed to deliver meaningful value for most users, with only 8% saying they'd pay for AI features. Consumers are clearly prioritizing practicality over novelty. Even industry leaders like Apple and Samsung saw slight declines in satisfaction, and Google saw a sharper 3% drop. For smartwatches, Samsung leads with 83% satisfaction, followed by Apple and Fitbit, again reinforcing that users care most about durable design and display quality. The message is clear: innovation must serve the basics, or it won’t move the needle.

This highlights a growing disconnect between smartphone innovation and user expectations, with customer satisfaction at its lowest in a decade. Despite flashy new features like AI, users are prioritizing core functions, like battery life, reliability, and ease of use, which continue to fall short.

Trillions poured into IT projects, yet they go wrong - why?

Article from tivi.fi

40% of IT projects exceed their budgets, with 20% going over by more than 50%, and some by over 200%. According to recent findings, this troubling trend is driven by a few consistent challenges: lack of IT experience, absence of certified project management, and the abstract nature of many digital projects that make them hard to scope and control. Compared to fields like bridge construction where detailed plans are carefully reviewed before any work starts, many IT and compliance initiatives still suffer from vague beginnings.

One major recommendation is investing more time in the planning phase, particularly for compliance and AI-related projects, where clarity and structure are often lacking. Gartner forecasts $5.6 trillion in global IT spending this year, underlining the scale—and potential waste—at stake. The key takeaway? If those prioritizing and leading your AI efforts don’t fully understand the domain or the time investment needed, you risk setting the project up for failure from the start. Solid planning and deeper project understanding are essential to avoid budget blowouts and disappointing outcomes.

Russia to enforce location tracking on foreigners

Article from bleepingcomputer.com

Russia has introduced a controversial new law requiring all foreign nationals in the Moscow region (excluding diplomats and Belarusian citizens) to install a government-issued tracking app on their smartphones. The app will collect detailed personal data including fingerprints, facial images, residence information, and real-time location, with any change in residence requiring notification to authorities within three days. Non-compliance will lead to inclusion in a monitored registry and deportation.

Officials claim the measure is intended to reduce migrant-related crimes through improved oversight, but critics have raised serious concerns. Legal experts argue it violates constitutional privacy rights, while migrant community leaders and digital rights advocates question its feasibility and warn it could deter much-needed labor migration. The plan is still in development, with practical concerns like device loss yet to be addressed. The surveillance pilot will run until September 2029, with the possibility of expanding nationwide.

What are your thoughts on the balance between national security and individual privacy in policies like Russia's proposed migrant tracking law?

Key themes in Cyberday development

Improvements to Cyberday trust centers

We’ve expanded the first implementation of the Cyberday Trust Center to give you more control, clarity, and confidence when sharing your security posture.

With the latest updates, you can now:

  • Upload your own documents like certifications, audit reports, or testing statements to your trust center.
  • Track and manage access requests directly in the Cyberday app, giving you full visibility into who’s asking for what.
  • Customize visitor experience by filling in basic welcome info to introduce your trust center effectively.

These improvements make it easier to build trust with partners and customers—while staying in control of your shared materials.

Automated monthly ISMS key data export

You can now enable an automated monthly export of your key ISMS documentation from Cyberday. This is especially useful if you want to maintain offline backups or support business continuity planning with regularly stored copies of your critical data.

Set it up easily from the Settings section by selecting which documentation lists and reports you want included. Once enabled, you’ll receive a monthly email at the start of the month with a link to download your data package, with no manual steps required.

Upcoming developments

In-app Recent Development feed: We are launching a new Recent Development feed under the Community tab to keep you connected with the latest updates. This is your go-to place for quick insights into new features, improvements, and behind-the-scenes progress—right where you work.

Sharing reports for “anyone with a link”: You can soon share Cyberday reports more flexibly by enabling “anyone with a link” access. This makes it simple to distribute key information externally with a shareable link.

Condensed SoA view of compliance reports: We are adding a condensed Statement of Applicability (SoA) view to compliance reports, making it easier to get a quick, focused overview of control statuses—perfect for audits and stakeholder reviews.

Other upcoming themes on the development roadmap are vendor assessment updates, renewed single-framework pages, and framework-specific improvement suggestions.

Recently published and upcoming frameworks

We’re continuously expanding our support for critical cybersecurity and compliance frameworks. This spring, we’ve added coverage for the Cyber Resilience Act (CRA) and NIS2 local legislations as they begin to come into force across EU member states. Looking ahead, we’re preparing to launch support for key standards like HIPAA, ISA/IEC 62443-2-1, and many others. Stay tuned for updates as these frameworks become available in Cyberday.

See the available and upcoming frameworks in the Cyberday app or on the Frameworks website.
