In its annual review, the NCSC has warned that cyber resilience in the UK must be improved, stating that it continues to prioritise the resilience of the country’s critical national infrastructure (CNI).
NCSC, which is a part of GCHQ, states that the UK in particular needs to accelerate work to keep pace with the changing threat landscape, particularly in relation to enhancing cyber resilience in the nation’s most critical sectors.
Worldwide, 2023 has already seen the emergence of state-aligned actors as a new and emerging cyber threat to CNI and the concerns around potential risks of AI, all of which drive the need for support from organisations like the NCSC.
Keeping up with the increased sophistication of cyber crime
A new class of cybercriminal has entered the cybersecurity space. NCSC cautions in its report that these bad actors have tactics of increased sophistication and nations must accelerate cybersecurity measures to stay ahead of them.
In particular, ransomware remains one of the most prolific cyber threats facing the UK. NCSC highlights that all organisations should take action to protect themselves from the rising tide of ransomware critically impacting businesses. Stealing and encrypting data is cited as the primary tactic that cybercriminals use to maximise their profits.
However, data extortion attacks, in which data is stolen but not encrypted, are fast becoming a growing trend. Between September 2022 and August 2023, the NCSC received an all-time high number of reports, with a 64% increase from last year. Incidents involving the exfiltration or extortion of data was also up 18.5%.
It also received 297 reports of ransomware activity tips, identifying the top five sectors susceptible to this type of criminal activity as academia, manufacturing, IT, finance and engineering. The NCSC issued nearly 25 million notifications informing organisations that they were experiencing a cyber incident via its automated early warning service.
Offering further insight, Dominic Trott, Director of Strategy and Alliances at Orange Cyberdefense, says: “More needs to be done to protect CNI worldwide. This is especially vital within the energy sector, which will become much more of a target for cybercriminals looking to cause disruption or achieve financial gains as we move away from fossil fuels and increase our reliance on renewable energy.
“As ever, any cyber-resilience programme within CNI firms must begin with the security fundamentals, such as educating employees on the threats they face and the importance of adopting good basic security hygiene. They should also prioritise patch management to update and rid key systems of any potentially catastrophic vulnerabilities, which can prevent many breaches before they even occur.”
He continues: “When considering the security of CNI value chains, we must also give thought to driving security beyond basic hygiene factors.”
Will emerging technologies have a part to play?
These cybersecurity strategies are now more important than ever before. Given increased global tensions in relation to the changing digital landscape, increased awareness will hopefully help businesses and private users better protect themselves against threats.
The report by NCSC is also careful to mention AI, given how rapidly interest in these tools has increased. Particularly in the wake of the UK AI Safety Summit, organisations and world leaders will now be keen to continue incorporating the technology into their operations, but the key will be to ensure this is done responsibly.
AI can be a force for good when it comes to business transformation, as well as positively impacting key services, it can still be utilised by cyber criminals to exploit people. The report by NCSC states: “Our primary objective is to ensure that cyber security does not become a secondary consideration but is recognised as an essential precondition for the safety, reliability, predictability, and ethics of AI systems.”
Please also check out our upcoming event - Net Zero LIVE on 6 and 7 March 2024.
BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.
BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.