A South Korean court has sentenced Samsung Electronics vice chairman Lee Jae-Yeong to two-and-a-half years in prison, the court said.

The sentencing will have major ramifications for his leadership of the tech giant as well as Korea’s views toward big business.

With this sentence, Lee will be sidelined for the time being from major decision-making at Samsung Electronics as it strives to overtake competitors.

He will also be unable to oversee the process of inheritance from his father, who died in October — crucial to maintaining his control of Samsung.

Lee, 52, was convicted of bribing an associate of former President Park Geun-hye and jailed for five years in 2017.

He denied wrongdoing, the sentence was reduced and suspended on appeal, and he was released after serving a year.

The Supreme Court then sent the case back to the Seoul High Court, which issued Monday’s ruling.

The Seoul High Court found Lee guilty of bribery, embezzlement and concealment of criminal proceeds worth about 8.6 billion won ($7.8 million), and said the independent compliance committee Samsung set up early last year has yet to become fully effective.

“Lee has shown willingness for management with newly stronger compliance, as he has vowed to create a transparent company,” Presiding Judge Jeong Jun-Yeong said.

“Despite some shortcomings… I hope that over time, it will be evaluated as a milestone in the history of Korean companies as a start of compliance ethics for a greater leap forward.”

Wearing a mask and black suit and tie, Lee was taken into custody following the ruling.

He didn’t answer questions by reporters upon his arrival at the court.

Lee’s lawyer expressed regret over the court’s decision, saying that the “essence of the case is that a former president abused power to infringe upon the freedom and property rights of a private company.”

“The nature of this case is the former president’s abuse of power violating corporate freedom and property rights. Given that nature, the court’s decision is regrettable,” Lee’s lawyer said.

He didn’t specifically say whether there would be an appeal. Samsung did not issue a statement over the ruling.

With Lee returning to prison, the year he already served in detention is expected to count toward the sentence — leaving 18 months of his sentence to be served.

Monday’s sentencing can be appealed to the Supreme Court within seven days, the judge said, but legal experts said that because the Supreme Court has already ruled on it once, chances are lower that its legal interpretation will change.

Shares in Samsung Electronics dropped as much as 4 per cent after the ruling, while shares in affiliates such as Samsung C&T, Samsung Life Insurance and Samsung SDI also fell sharply.

Reuters/AP

An analysis of breach data by Tenable’s Security Response Team (SRT) has shown that from January to October 2020, there were 730 publicly disclosed events resulting in more 22 billion records exposed worldwide.

The Tenable report also highlighted that 35% of the breaches that were analysed were linked to ransomware attacks, resulting in tremendous financial cost, while 14% of breaches were the result of email compromises.

One of the overarching themes of the threat landscape in 2020 was that threat actors relied on unpatched vulnerabilities in their attacks as well as chaining together multiple vulnerabilities as part of their attacks.

This analysis has been published in Tenable’s 2020 Threat Landscape Retrospective (TLR) report which provides an overview of the key vulnerabilities disclosed or exploited in the 12 months ending December 31, 2020.

As organisations around the world prepare to face the new cybersecurity challenges looming in 2021, it’s crucial to pause and take a look back at the most critical vulnerabilities and risks from the past year.

Understanding which enterprise systems are affected by the year’s vulnerabilities can help organisations understand which flaws represent the greatest risk.

From 2015 to 2020, the number of reported common vulnerabilities and exposures (CVEs) increased at an average annual percentage growth rate of 36.6%.

In 2020, 18,358 CVEs were reported, representing a 6% increase over the 17,305 reported in 2019, and a 183% increase over the 6,487 disclosed in 2015. Prioritising which vulnerabilities warrants attention is more challenging than ever.

According to the report, pre-existing vulnerabilities in virtual private network (VPN) solutions — many of which were initially disclosed in 2019 or earlier — continue to remain a favourite target for cybercriminals and nation-state groups.

It also pointed out that web browsers like Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge are the primary target for zero-day vulnerabilities, accounting for over 35% of all zero-day vulnerabilities exploited in the wild.

Fixing unpatched vulnerabilities, implementing strong security controls for remote desktop protocol, ensuring endpoint security is up-to-date and regularly performing security awareness training are steps organisations can take to thwart some of these attacks.

“As defenders, it is difficult enough to prioritise remediation given the hundreds of vulnerabilities released on Microsoft’s Patch Tuesday every month and Oracle’s Critical Patch Update each quarter.

“Add in the impact from COVID-19 for defenders trying to protect their new remote workforce and you have a recipe for chaos,” said Satnam Narang, Staff Research Engineer at Tenable.

“Security teams know to pick their battles, but when there is a flurry of vulnerabilities with a CVSSv3 score of 10.0 released within weeks of each other, the battles are being chosen for you and they’re happening simultaneously.

“In order to manage vulnerability overload, you’ll need to take inventory of your entire network, identify your most critical assets and ensure they receive patches in an appropriate time frame.

“Additional indicators, such as CVSSv3 scores and the availability of PoC exploit scripts, can provide further insight into  whether or not  a vulnerability is more likely to be exploited in the wild, helping your team focus first on the most severe threats facing your network.”

Maher Jadallah, Regional Director – Middle East, Tenable, said, “If we learnt anything from 2020, it is that we are all reliant on the infrastructure and supply chains underpinning modern society — be it agriculture, pharmaceutical development, and food and beverage manufacturing — especially in times of crisis.

“Unfortunately, threat actors are also looking for ways to capitalise on any lowering of defences. The challenge might appear insurmountable — particularly given the ever-expanding attack surface of IT, operational technology (OT) and internet of things (IoT) devices.

“Given the reliance of threat actors on unpatched vulnerabilities, it is increasingly obvious that vulnerability management has a central role to play in modern cybersecurity strategies.”

Nokia Shanghai Bell has confirmed that it will provide Airport Authority Hong Kong (AAHK) with a new, high-bandwidth, mission-critical Nokia IP/MPLS network, to support the digital transformation of its tower operations.

Nokia Shanghai Bell will also support and manage the migration of legacy non-IP aviation applications to the new network, according to reports at itp.net.

Mervyn Harris, Head of Air Traffic Management, Nokia Cloud and Networks Services said, “As we deploy this robust next-generation network, not only will we complete a flexible, seamless migration of legacy applications but we will also deliver Hong Kong International Airport wide-ranging benefits that include increased passenger capacity, reliability and ease of expansion.

“Nokia possesses extensive experience in mission-critical IP networking with air navigation service providers (ANSPs) elsewhere in the world. This enables us to deliver an unparalleled combination of technical skills and domain expertise, which is essential to provide the highest levels of network availability, performance and safety for such a high-profile airport.”

As part of the deal, Nokia will supply a range of operational aviation-specific professional services for network design, architecture, integration and deployment. Following the completion of the deployment later in 2021, Nokia will continue to provide long-term support and maintenance for the airport.

During the project, Nokia will partner with Shun Hing Systems Integration. Shun Hing Systems Integration has extensive experience in design, project management, installation, maintenance of telecommunication and transport infrastructure related systems.

“This project is an important step in plans to expand the airport’s operations, enabling it to take advantage of IP networking to modernise aviation communications,” said S.F. Chan, Assistant General Manager, Shun Hing Systems Integration Co., Ltd.