It shouldn’t come as any surprise that cyber criminals and nation states with malign intent have been the faces of cyber-threat for a number of years now. What has changed is their goals, the level of organisation and refinement in their operations, as well as the tools they use and the ease-of-access and relative ease-of-use with regards to these tools.

With this in mind, over about the last 18 months, cybersecurity threats to the UK has evolved significantly.

But. as Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), laments, some elements have remained sadly familiar.

She says: “Firstly, the threat from ransomware is ever present. It’s a really big challenge. In fact, the biggest challenge we would say, to businesses and public services throughout the UK.

“The biggest threat for citizens and small businesses, comes from cybercrime with 2.7 million cyber-related frauds perpetrated last year.

“With regards to state threats, then Russia’s brute force invasion of Ukraine brought the potentials of cyber threats to a much sharper focus, as they sought to use disruptive cyber operations to destabalise our support of the Ukrainian military campaign.”

Looking towards China, what we see is an increasingly sophisticated kind of threat with regards to the supply chain, and ways in which they seek to disrupt that on a global scale.”

Geo-political/Nation State

Cameron states that at the NCSC, they talk about three nations that, in particular, post acute threats to the UK and to global cybersecurity – from destructive cyber-tools to cyber-enabled espionage.

There are arguably few that haven’t been closely following Russia’s illegal invasion of Ukraine, and while much of the coverage of that conflict has been starkly physical and visceral, cyber-operations have had a damaging role in the war, with a significant impact directly on the UK resulting from that invasion.

Cameron expands by saying: “Russia continues to be a persistent and active threat to us, which is why the NCSC continues to guard against complacency, and asks people to continue to invest in their own resilience.”

The NCSC head goes on to talk about China’s ever-evolving ambitions in cyber-space, seeking that country seeks “dominance” in this space.

She adds: “China has directed significant resources into emerging tech research and development, artificial intelligence, quantum computing, and semiconductors, their activities become quite a lot more sophisticated, and increasingly targets third party technology and service supply chains, as well as successfully exploiting software vulnerabilities that doesn’t show any sign of abating.

“In fact, that’s partly why we at NCSE work so closely with international partners, both in the public and private sector. Together, we’re doing our best to use the full spectrum of levers to detect, disrupt and deter those who do us harm.”

Finally, Cameron discusses the DPRK – the isolationist nation under the thrall of totalitarianism that has put more and more resources into its infamous hacker schools – leveraging blockchain technologies and crypto mixers to fund it’s government through elaborate heists and social engineering scams.

On this, Cameron says: “North Korea focuses their cyber activity with a commercial advantage in mind, using its cyber capability to bolster its economic situation.”

Looking at how these Nation State actors may attack businesses (within and sometimes outwith their broader agenda), Cameron highlights just how dependent businesses are on both IT and more general supply chains, but criminals are also unfortunately aware of the vulnerabilities this brings.

She says: “What we’ve seen is a number of parts of organisations supply chains being quite vulnerable to compromise.

“Your software vendors, for example, your managed service providers, your cloud providers, and while we see criminals, targeting them for profit, we also see foreign states looking to exploit those for data or information advantage.

“I think the point is that sometimes people think about protecting their organisation just as walling off the organisation that they can see. But in fact, it may well be that the partners you’re working with, the procurement you’ve done  provides an easier entry point for somebody who wants to target your organisation, whether that’s intentionally targeting you or whether that is accidentally including you in a set of organisations that are compromised by somebody else.”

Ransomware

Ransomware is the biggest concern for business in the UK.

In particular, it’s a concern for large organisations that are potentially a source of profit for cyber criminals. Naturally, Cameron had plenty to say on the topic.

She says: “”When we see smaller organisations being caught by ransomware criminals, it tends to be incidentally or as part of a wider attack. Whereas I think larger organisations provide criminals with a way to extract or extort a big enough ransom that it’s profitable for them.

“We’ve of course seen the model evolving to becoming ransomware-as-a-service, where different parts of the criminal ecosystem specialise in different parts – whether it’s finding the victims, compromising the victims or offering to help you pay the ransom.

“What we do know is that it’s really devastating, both in the short and long-term, it can take organisations a long time to recover. And if they’re not well prepared, it can have a really significant immediate impact on a business’s ability to operate, or indeed on trust.

“For example, with your customers or your suppliers, it’s compromising data, and damaging the organisation’s reputation, as well as impacting their direct service delivery.”

Cameron goes on to compel organisations to plan for that worst case scenario, understand how it is you can be prepared, and indeed, ensure you have the framework to see something happening as fast as possible.

How can businesses protect themselves?

Cameron states that there are simple steps that businesses can take to better protect themselves and recover from any potential incident.

“Exercise your cyber incident response plan,” she says, claiming that she’s seen plenty incidents where somebody has realised that their cyber response plan was in fact locked on to a computer that had been compromised by hackers.

“Have a plan, make sure you know where it is, make sure you know that it’s what it says.”

Secondly, Cameron says that conducting regular cybersecurity assessments can help you to identity vulnerabilities and the steps that you need to take to rest them.

With regards to the third step, Cameron says: “Have a comprehensive cybersecurity framework. Make sure that you’ve got policies, procedures, technologies to protect yourself against cyber threats, reviewing it regularly.

“It’s about providing training for employees… helping to increase awareness amongst your employee base of what they can do to improve their own personal cybersecurity, whether that’s at work or at home, helps to make you a safe organisation, backing up your important data. In particular, make sure that you’ve got a secure offline backup of your really key data and that you know what data you hold, which, of course, is something the Information Commissioner would expect you to know.

“But this is also really important to speed up your recovery, if you understand pretty rapidly the kind of data that you hold and what you might have lost. And that you’re able to back it up effectively.”

As well as these key points around safe-guarding your data, ensuring a strong password culture in your organisation is of utmost importance, as well as using multi-factor authentication.