Britain's Cyber Risk Is “Widely Underestimated” 

The UK needs to wake up to Russia's online "aggression and recklessness" and the risks posed by "highly sophisticated" Chinese hackers, the Director of the British National Cyber Security Centre is warning.

In his first major speech, Richard Horne, the newly appointed chief of the GCHQ spy agency's National Cyber Security Centre (NCSC), will highlight the "widening gap" between the threats facing the UK, from both state-backed hackers and online criminals, and the defences in place to protect businesses and public services.

In his speech, Horne says: “What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us... what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.”

A significant cyber security breach hit the Ministry of Defence (MoD) in 2023, when passwords belonging to nearly 600 employees were stolen and leaked onto the Dark Web. The cyber attack, believed to have been perpetrated by Russian hackers, exposed sensitive information of military personnel, civilian staff and defence contractors.

Today, Horne is warning of “the aggression and recklessness of cyber activity we see coming from Russia”, both from organisations linked to Vladimir Putin’s government and groups operating without direct Kremlin control.

Indeed, the NCSC describes Russia as a “capable, motivated and irresponsible threat actor in cyberspace” which, through its actions in Ukraine, is also inspiring “non-state threat actors” to carry out cyber attacks against critical national infrastructure.

The NCSC has responsibility for publishing advice, guidance and frameworks to improve the cyber security of the UK. Those frameworks need to be put into practice much more widely. “We need all organisations, public and private, to see cyber security as both an essential foundation for their operations and a driver for growth. To view cyber security not just as a ‘necessary evil’ or compliance function, but as a business investment, a catalyst for innovation and an integral part of achieving their purpose,” according to Richard Horne.

“Hostile activity in UK cyberspace has increased in frequency, sophistication and intensity... Actors are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction.”

Last week, a senior British government minister issued a warning about aggressive cyber activity from Russia. Now, the NCSC Director is saying that cyber attacks are increasingly important to Russian actors, along with sabotage threats to physical security. “All the while, China remains a highly sophisticated cyber actor, with increasing ambition to project its influence beyond its borders.”

In comment, Jamie Moles, Senior Technical Manager at Network Detection and Response provider ExtraHop, said: “Recognising the problem is only half the battle. Awareness alone doesn’t stop ransomware or defend critical infrastructure - what’s missing is decisive action and serious investment in both technology and expertise... If companies and governments don’t prioritise proactive measures, such as enhancing network visibility to detect intrusions early and ensuring systems are resilient enough to recover from attacks, we’ll keep playing catch-up while our adversaries exploit the gaps...

“... It’s time to move beyond talking points and take the technical steps necessary to secure our future.”

In its Annual Review the NCSC highlights the increasingly challenging online environment that the UK and its allies are navigating to ensure a safe and prosperous digital world for its citizens. These include:

State Threats: Characterising the 2024 cyber threat landscape as “diffuse and dangerous”, the Annual Review notes a rising frequency of cyber incidents and a growing severity in their impact. Over the past 12 months, the NCSC has observed how conflicts are fuelling a volatile threat landscape, including Russia’s deployment of destructive malware against Ukrainian targets, and routine attempts to interfere with the systems of NATO countries in support of its war effort.

China is described as a highly sophisticated and capable actor targeting a wide range of sectors. In February 2024, the NCSC co-signed an advisory on observed compromises of U.S. Critical National Infrastructure (CNI) by Volt Typhoon, and in March 2024 the UK government called out China state-affiliated actors for targeting democratic institutions.

Iran-based threat actors remain aggressive in cyberspace, and the Democratic People’s Republic of Korea (DPRK) continues to prioritise raising revenue to circumvent sanctions and collect intelligence in its cyber activity. 

Criminal Threats: Ransomware is highlighted as the most pervasive cyber threat to UK organisations, with the Review pointing to the financially motivated ransomware attack on Synnovis, a supplier to the NHS, which had a significant impact on citizens. Elsewhere, cyber criminals use artificial intelligence (AI) to increase the volume and heighten the impact of cyber attacks. In January 2024, the NCSC published an assessment of the near-term impact of AI on the cyber threat, highlighting how it can be used for reconnaissance, social engineering and analysis of exfiltrated data.

Cyber Incidents: This year, the NCSC’s Incident Management team handled 430 incidents, compared to 371 the previous year. Of these, 347 involved some level of data exfiltration and 20 incidents involved ransomware. The top sectors reporting ransomware activity into the NCSC this year were academia, manufacturing, IT, legal, charities and construction.

Current Conclusions: The report continues: “The UK cannot underestimate the severity of state-led threats, or the volume of the threat posed by criminals. The resilience of critical infrastructure, supply chains and the public sector must improve. But so must our wider economy.”

The Annual Review also notes that the increasing availability of Artificial Intelligence (AI) can “increase the volume and heighten the impact of cyber attacks.” 

Steve Bradford, Senior Vice President EMEA at SailPoint, observed that “Cyber criminals are now regularly using AI to ramp up the frequency and severity of attacks. Many of these, however, still come down to some sort of compromised identity, with user access points often targeted.

“As the UK faces a ‘widening gap’ in its ability to combat these threats, which increasingly target supply chains, organisations must ensure they are implementing security across the entire ecosystem...

“... Technology such as identity security ensures employees, including those from third-party organisations who have access to systems, are only granted the necessary permissions to fulfil their specific roles and responsibilities, no more, no less,” Bradford added.

Criminals are increasingly adopting AI-driven techniques to expand their reach and sophistication, a significant trend at the expense of both ordinary citizens and businesses. As cyber threats evolve, the NCSC emphasises that the UK cannot afford complacency.

“The resilience of critical infrastructure, supply chains, and the public sector must improve, but so must our wider economy,” the NCSC report states. “The UK must wake up to the severity of the cyber threat.”

NCSC   |   Sky   |    LBC   |   Upday  |   MSN   |   Independent   |   Computing
