The UK official National Cyber Security Centre (NCSC) has brought out its annual report, for its sixth year. NCSC is part of the Government agency GCHQ, and in a foreword the director of GCHQ Sir Jeremy Fleming says it is clear the cyber security threat is diversifying and evolving.
He writes: “We are seeing more states with cyber capabilities and more non-state actors joining the mix. We are also experiencing a shift in technology leadership towards the East. These factors and more have implications for the cyber security threats we all face. The past 12 months have reminded us that global events have a direct impact at home. President Putin’s unprovoked war in Ukraine has involved a range of cyber activities that we, and partners, have attributed to Russia.”
And a foreword by Lindy Cameron, CEO of the Centre, states that ransomware remains the most acute threat that businesses and organisations in the UK face. “These attacks have genuine real-world consequences and are a reminder to all organisations of the importance of taking the mitigation measures set out in our guidance. Low-sophistication cyber crime also continues to be a scourge to the British public and organisations, but it is heartening to see a growing uptake in our services to protect against these threats. Sign-ups to our Early Warning service rose by over 90 per cent, while the 6.5 million reports from the public to the Suspicious Email Reporting Service (SERS) this year shows that people are both becoming more cyber aware and contributing to our resilience.”
As she adds, the document is as much about the threats on the horizon as the year to August 2022, ‘including the growing commercial availability of malicious and disruptive cyber tools and the risk of those falling into the wrong hands’. Besides Russia, China is also singled out; as the Chinese Government’s cyber capabilities ‘continued to develop’, and China is forecast to likely be the ‘single biggest factor affecting the UK’s cyber security’. The document says: “Beijing’s activity has become ever more sophisticated, with the state increasingly targeting third party technology and service supply chains, as well as exploiting software vulnerabilities.” Iran and North Korea are also named.
The document covers resilience, and ‘active cyber defence’; and the cyber side of general tech trends. It’s also a useful source for stats, and the state of talent in the sector.
Visit www.ncsc.gov.uk/annualreview-2022.
Comments
The 34 million cyber alerts in the past year sent by NCSC shows how relentless cyber criminals are in their pursuit of sensitive information, according to Steve Bradford, Senior Vice President EMEA, at the cyber firm SailPoint. He says: “Ransomware, phishing and targeted social engineering attacks are all on the rise and increasing in sophistication. But many of these, at their root, come down to some sort of compromised identity, with user access points often targeted.
“The NCSC’s early warning service has already made a huge impact when it comes to bringing threats to the attention of UK organisations. But leveraging AI-enabled identity security helps them be in the drivers’ seat. Clearly seeing, understanding, and managing who has access to what, and why, and then properly securing that access, can go a long way in avoiding a breach or compromise. Given how prevalent these attacks are today, businesses should put identity security at the core of their security efforts.”
And David Carroll, MD of Nominet Cyber notes that Russia’s invasion of Ukraine brought with it serious threats to cyberspace, while other nation-states like China are becoming more sophisticated in their cyber capabilities and increasingly target software vulnerabilities and third-party supply chains. In the UK, ransomware has not let up and remains a major threat to businesses, with several requiring a national response, one of which was a water utility company.”
“At Nominet, we’re honoured to work with the NCSC in delivering PDNS across the UK, which has played a major role in protecting public services over the last several years. The road ahead won’t get any easier, but there is no doubt that the UK will continue to meet the challenges ahead, in no small part thanks to the NCSC’s Active Cyber Defence measures. PDNS [Protective DNS Service] plays a major role as the first line of defence, stopping ransomware, phishing attacks, and other malicious threats in their tracks. As threat actors continue to adapt and become more brazen with their targets, services like this and the new Early Warning service, which rapidly informs organisations of potential attacks on their networks, are needed to stem the tide. We fully support the NCSC in their work to continue building cyber resilience and bolstering the UK’s cyber defences and look forward to PDNS being a part of those efforts.”
