Interesting article in The Times today part 13 Dec 2024 09:14
Britain now worse at dealing with cyberattackers, GCHQ says
Security centre boss warns that the UK’s resilience to hackers must improve as a matter of urgency.
Britain is complacent about cyberattacks and underestimates the threat from hackers, GCHQ’s cybersecurity chief has warned.
National defences have failed to keep up with the scale of the attacks, according to Richard Horne, chief executive of the National Cyber Security Centre (NCSC).
Despite the increase in hostile activity by Russia and China “we believe the severity of the risk facing the UK is being widely underestimated”, Horne will say in a speech on Tuesday.
He believes that organisations have failed to implement guidance from the NCSC to protect their networks.
“What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us,” Horne will warn at NCSC
The NCSC says in a review that “the gap between the threat and the cyber-resilience of the UK needs to close as a matter of urgency”.
Horne says: “There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cybercriminals. The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve.”
Two hospitals in Liverpool have suffered cyberattacks. Services at the Wirral hospital trust have been disrupted, echoing the paralysis suffered by London hospitals this year after a cyberattack on the pathology service Synnovis.
Last week suspected Russian hackers also threatened to publish sensitive patient data from Alder Hey children’s hospital.
In November grocers were affected after the supermarket supply chain company Blue Yonder was hacked, and panic alarms and trackers on Serco prison vans were disabled by an attack on Microlise, a software company.
“Cyberattacks are increasingly important to Russian actors, along with sabotage threats to physical security,” Horne adds, while “China remains a highly sophisticated actor, with increasing ambition to project its influence beyond its borders.”
The UK has blamed Beijing-linked groups for targeting MPs’ emails and the Electoral Commission database.
The NCSC warnings echo those from Peter Kyle, the science and technology secretary, who has said he was so alarmed by the situation in his first days in office that he prioritised new laws to plug gaps.
The NCSC will publish its annual review on Tuesday. The centre had to deal with 430 incidents last year, up from 371 in 2023. Of these, 89 were nationally significant, 12 of which were at the top end of the scale, up threefold on last year.
NCSC officials said most of the incidents were ransomware attacks, where hackers cripple an IT system and demand payment to unlock it.
Russian groups dominate the ransomware “industry” and are believ