metamorworks - stock.adobe.com

NCSC boss calls for ‘sustained vigilance’ in an aggressive world

NCSC CEO Richard Horne is to echo wider warnings about the growing number and severity of cyber threats facing the UK as he launches the security body’s eighth annual report

This article can also be found in the Premium Editorial Download: Computer Weekly: On the road to change at Aston Martin

Richard Horne, the new CEO of the UK’s National Cyber Security Centre (NCSC), is today calling for “sustained vigilance in an increasingly aggressive online world” amid warnings of a growing gap between the risks the country faces, and its ability to counter them.

Speaking at an event in London to mark the publication of the NCSC’s eighth Annual Review, Horne will highlight the growing threat from nation state-backed threat actors, and call for UK Plc to work harder to boost their collective resilience.

“What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us,” Horne will say.

“What is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.

“The NCSC, as the National Technical Authority, has been publishing advice, guidance and frameworks since our inception, in a bid to drive up the cyber security of the UK,” he will say. “The reality is that advice, that guidance, those frameworks need to be put into practice much more across the board.

“We need all organisations, public and private, to see cyber security as both an essential foundation for their operations and a driver for growth. To view cyber security not just as a ‘necessary evil’ or compliance function, but as a business investment, a catalyst for innovation and an integral part of achieving their purpose.”

Echoing remarks made by the chancellor of the Duchy of Lancaster, Pat McFadden, at a November Nato conference – which led to criticism by security experts who accused the minister of unnecessary hyperbole – Horne will also highlight the “high-stakes” contest the UK and her core allies are currently engaged in against hostile threat actors, especially those backed by China and Russia.

Read more about the NCSC’s work

  • The UK and its allies must take collective action to improve their cyber resilience and repel the increasing volume of severe cyber attacks, says NCSC chief.
  • The National Cyber Security Centre is expanding its PDNS for Schools service to encompass a wider variety of institutions up and down the UK.
  • The NCSC, FBI and NSA publish updated warning about Cozy Bear’s activities, highlighting a range of vulnerabilities the threat actor is using to set up its cyber attacks.

According to Horne, hostile activity against UK targets has increased in its frequency, sophistication and intensity over the past months, with threat actors increasingly leveraging society’s dependence on technology against it to cause maximum disruption.

Highlighting the real-world impact of cyber attacks, Horne will warn there is no room for complacency about the severity of such incidents, whether they be financially or politically motivated.

“The defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve,” he will say. “In the past year, we have seen crippling attacks against institutions that have brought home the true price tag of cyber incidents. 

The attack against Synnovis showed us how dependent we are on technology for accessing our health services. And the attack against the British Library reminded us that we’re reliant on technology for our access to knowledge. 

“What these and other incidents show is how entwined technology is with our lives and that cyber attacks have human costs.”  

“Diffuse and dangerous”

With the threat landscape over the past 12 months described as “diffuse and dangerous” by the NCSC, the organisation’s latest review highlights the rising frequency of attacks and their severity.

Since its last report at the end of 2023, the war in Ukraine has continued to fuel a volatile threat landscape with no let-up in hostile Russian actions against Ukrainian targets, and attempts to interfere in Nato states’ systems now routine.

China, meanwhile, remains a sophisticated and capable threat actor, as various disclosures and warnings this year have shown. Iranian threat actors are as aggressive as ever, and North Korean-backed hackers continue to prioritise revenue-raising to prop up the isolated regime, although they are increasingly engaged in espionage, too.

When it comes to cyber criminal activity, ransomware remained the most pervasive threat facing everyday UK organisations in 2024, with the NHS and associated bodies particularly heavily targeted.

All told, the NCSC’s Incident Management team handled 430 incidents during the course of the past 12 months, up from 371 the previous year. Of those, 347 involved data exfiltration and 20 involved ransomware. The most heavily impacted sectors – in the NCSC’s reporting – were academia, manufacturing, IT, legal, charities and construction.

The team also proactively issued almost 550 bespoke notifications – more than double the number in 2023 – to inform organisations of an in-progress cyber incident affecting them, and offering advice and guidance. About half of those related to observed pre-ransomware activity, giving organisations a jump start on detecting and evicting cyber criminals from their networks before they had a chance to deploy ransomware.

Read more on Hackers and cybercrime prevention