The UK National Cyber Security Centre published its latest annual review earlier this week. If you're ever looking for an organisation with its finger on the button, the NCSC is your solution: as a wing of GCHQ and as the country's cyber security champion, it has unique insights and visibility of the full range of threats and risks.
Per the usual format of these publications, the review begins with forewords from the power players - the Deputy Prime Minister, the Director of GCHQ and the CEO of NCSC - and a quick scan of them gives you a fantastic primer about the key worry points, which are the undermining of democracy, attacks on public services, ransomware and the pace of change in AI. In amplification:
China, Russia, Iran and North Korea are identified as presenting the most significant Nation-State threats.
Ransomware attacks are seen as normalised, but data extortion without encryption is identified as a growing trend.
The commercialisation of cybercrime is noted as lowering the barrier to entry for both State and Non-State criminal actors.
Reported fraud is now overwhelming cyber-enabled (at 80% of cases), but there is relatively low recognition of the risk of victimisation in the public.
The threats to critical national infrastructure could become more disruptive and destructive.
AI will be exploited in cybercrime tradecraft.
Of the incidents reported to NCSC, more are at the top end of the scale of national significance than before.
Application vulnerabilities contribute the highest proportion of incidents handled by NCSC.
The next general election is expected to be targeted.
It's enough to make you want to stay in bed, under the covers!
However, as always, let's try to end on a positive. The report provides significant comfort about the efforts that NCSC is making to understand the threats and to increase the UK's resilience, which includes fostering collaboration and partnerships across the economy. Of course, there is no room for complacency, but my view is that the UK has world class cybersecurity experts and deep connections with equally talented partners all over the world. These are massive advantages. Provided that government maintains the focus on the threats and businesses, regulators and individuals do their part, we should continue to enjoy our freedoms and safe passage in the cyberspace.
