Dr Richard Horne, CEO of the National Cyber Security Centre (NCSC), has issued a stark warning about the growing cybersecurity threats facing the UK.
In his first review since taking the helm, Horne emphasised that the UK finds itself in a “contest for cyberspace” between legitimate users and malicious actors seeking to exploit digital dependencies.
“What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between, on the one hand, the threat and our exposure to it and, on the other, the defences that are in place to protect us,” said Horne.
Tom Kidwell, former British Army and UK Government intelligence specialist and co-founder of Ecliptic Dynamics, reinforced Horne’s concerns about state actors: “When we think about cyber risks we tend to think of criminal cyber gangers as carrying out everyday attacks motivated by finance and state as longer term, slower burning threats.
“The NCSC chief inferred that something will get through eventually, to someone. We don’t understand, or maybe don’t acknowledge, the level of threat because it’s not obvious or apparent today. This is why it’s critical for the UK to not only consider how we stop an attack, but also how we will react if an attack does happen.”
The NCSC chief highlighted recent high-profile cyberattacks, including those against Synnovis and the British Library, as examples of how entwined technology has become with daily life and the substantial human costs of such incidents.
Dr Muhammad Ajmal Azad, Senior Lecturer in Cybersecurity at Birmingham City University, noted: “The weakest link in cybersecurity is still its human users but are still neglected in the design process.” He advocates for more human-centric solutions and real-time collaborative platforms for sharing threat information.
Horne pointed to Russia and China as particular concerns. Following recent warnings from the Chancellor of the Duchy of Lancaster about Russian cyber aggression, Horne noted that Chinese state-affiliated actors pose a sophisticated threat with increasing global ambitions.
Mark Jow, Technology Evangelist, EMEA at Gigamon, said: “Cybersecurity efforts can no longer remain static, and must be become more dynamic, especially as threats rise, with 43 legacy systems at critical risk levels alone this year and research showing that 1 in 3 businesses are unable to detect breaches.
“Accountability is crucial, and businesses must be held fully accountable for improving the UK’s level of cyber preparedness by building resilience through proactive and holistic strategies, ensuring security by design principles, and having real-time visibility and insight into everything that enters, leaves and moves between every element of its infrastructure, including encrypted data which is often an organisations Achilles’ heel.”
The NCSC believes the severity of cyber risks facing the UK is being widely underestimated. Research revealed that organisations implementing Cyber Essentials controls are 92% less likely to make cyber insurance claims.
Kidwell emphasised the importance of preparation: “Organisations can’t rely on ‘Why would anyone want to do X to us’. If it’s a state act of hostility, it’s to disrupt the UK economy – which all UK businesses are part of – meaning they could be viewed as a legitimate target for disruption.”
Looking ahead, Horne emphasised the importance of the new Cyber Security and Resilience Bill in strengthening the cybersecurity defences of the UK against increasing threats.
“It’s not enough any more to talk about being resilient,” Horne concludes. “We must all take the crucial steps that bolster our defences, that improve and grow our capability to contest.”
See also: Cyber threats surge from state-sponsored and criminal actors
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
