The leader of the National Cyber Security Centre in the UK cautioned in his initial address on Tuesday that the cyber risks facing the nation are significantly underrated.
Richard Horne, who assumed the role in October, highlighted that malicious activities have been on the rise in terms of frequency, complexity, and severity, mostly orchestrated by foreign entities based in Russia and China. He specifically mentioned the recent cyberattacks employing ransomware on the British Library and pathology company Synnovis, which severely disrupted the healthcare sector, magnifying the country’s heavy reliance on technology for knowledge access and public health.
“Adversaries are now increasingly exploiting our dependence on technology as a strategic advantage, aiming to cause maximum chaos and disarray,” he pointed out during his speech.
EXPLORE: 1.1 Million UK NHS Employee Records Exposed
NCSC annual report identified an upsurge in cyber incidents during 2024
Horne’s statements coincide with the NCSC’s recently published Annual Review for 2024, which disclosed that their Incident Management unit managed 430 incidents this year in contrast to 371 in 2023. Among these, 347 incidents involved some form of data breach, with 20 linked to ransomware.
The report pinpointed ransomware as the predominant menace confronting UK enterprises, especially in sectors like education, manufacturing, information technology, legal services, non-profit organizations, and construction. According to the NCSC, the growing adoption of generative AI has been associated with an elevated risk of ransomware by enhancing attackers’ capabilities. Novice assailants can leverage it in crafting social engineering materials, analyzing purloined data, programming, and conducting reconnaissance, thus minimizing the entry barriers.
As outlined in the NCSC’s Annual Review, 12 out of the 430 incidents were deemed “truly severe and substantial,” marking a threefold surge over the preceding year.
Insufficient Focus on Cyber Resilience Acknowledged by Horne
“My tenure at the NCSC has made glaringly clear the expanding chasm between our vulnerability to threats and the protective measures currently in place,” he remarked. “It’s abundantly evident that we all must ramp up our efforts to outpace our adversaries.”
Recent surveys have revealed that 87% of UK businesses are ill-prepared for cyber assaults, 99% have encountered one in the past year, and only 54% of UK IT professionals are confident in salvaging their company’s data post-attack.
Horne emphasized that the guidelines and frameworks formulated by the NCSC are underutilized. He stressed that organizations must transform their views on cyber security, considering it not just as a “necessary evil” or a mere “compliance task” but as a core element contributing to organizational success.
NCSC Warns of Encroaching Nation-State Threats on the UK
The issue of state-sponsored threats occupies a central place in both Horne’s address and the Annual Review, emphasizing the critical need to remain vigilant against the increasing frequency and severity of such threats.
Russia
This year, the NCSC and several global cyber enforcement bodies, including the U.S. Federal Bureau of Investigation, issued alerts about hacktivist assaults tied to pro-Russia factions concentrating on critical infrastructure like smart water meters, dam surveillance systems, smart networks, and precision agriculture sensors. Numerous incidents involving Russian intelligence services orchestrating attacks and espionage on NATO allies were also brought to light.
“Russian threat actors significantly escalated their cyber warfare against Ukraine and its associates, backing their military actions and broader geopolitical goals,” the Annual Review disclosed. “Through their incursions in Ukraine, Russia is inspiring non-state elements to launch cyber assaults on critical national infrastructure across Western nations.”
China
Describing China as “a sophisticated cyber player with expanding ambitions beyond its borders,” Horne uncovered instances this year of state-sponsored Chinese hackers penetrating critical U.S. infrastructure and targeting British parliamentarians and the Electoral Commission, as detailed in official reports.
EXPLORE: Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs
The Review pointed out that Iran “is enhancing its cyber capabilities” and has displayed a willingness to launch disruptive and destructive operations against the UK following previous attacks on U.S. entities.
North Korea and Iran
The Democratic People’s Republic of Korea remains a notable cyber threat actor, targeting cryptocurrency and defense sectors to acquire funds and military intel. According to the NCSC, UK companies are facing risks from North Korean IT specialists disguising themselves as freelancers to generate additional income, as per the Review.
Critical infrastructure faces the highest vulnerability
“Enhancing the defense and resilience of critical infrastructure, supply chains, public services, and the broader economy becomes imperative to counter these state-led threats,” emphasized Horne.
Commenting on this escalating threat landscape, Ian Birdsey, a cyber expert at law firm Clyde & Co, highlighted in an email to TechRepublic: “As geopolitical tensions rise and global conflicts intensify, the UK has increasingly emerged as a prime target for adversarial nations. Consequently, threat actors hailing from these regions are unleashing more severe and sophisticated cyber assaults on UK entities, particularly within critical sectors and their supply chains.”
“As these sectors transition further into digital realms and interconnected networks, the velocity of these threats continues to surge. Cyber warfare is now an integral and recurring aspect of conventional military strategies,” he concluded.
About Author
