Many of the recent cyberattacks that have hit the headlines were avoidable, said head of the UK’s National Cyber Security Centre (NCSC) Lindy Cameron, as she warned that ransomware is the most immediate cybersecurity threat to UK businesses.
In a speech to mark her first year as CEO of the NCSC, delivered at Chatham House, Cameron said: “Many – in fact actually the vast majority – of these high-profile cyber incidents can be prevented by following actionable steps that dramatically improve an organisation’s cyber resilience.” She said responsibility for cybersecurity risks should not be confined to the IT department. “I don’t think any chief exec would get away with saying they don’t need to understand legal risk because they have a general counsel. I think the same should be true of cyber risk. This is a board-level issue,” Cameron said.
“Not enough” businesses and public sector operations routinely plan and prepare for ransomware attacks, Cameron said, and many are without incident response plans or do not regularly test that their cyber defences can withstand an attack. “We expect ransomware will continue to be an attractive route for criminals as long as organisations remain vulnerable and continue to pay,” Cameron said, adding that paying ransom demands “emboldens these criminal groups – and it also does not guarantee your data will be returned intact, or indeed returned at all”.
Ransomware should not be a risk we have to live with, Cameron said. She added that cybercriminals based in Russia and its neighbouring countries are responsible for the majority of the most serious ransomware threats against UK targets.
Supply chain attacks are also likely to increase, Cameron said, especially as technology supply chains grow in complexity during the next few years. The SolarWinds attack exposed the need for governments and businesses to be more resilient should a key technology supplier be compromised. Businesses and organisations should check security with suppliers and incentivise good security practices, Cameron said, and should also make their own operations resilient to potential compromises in their supplier’s system.
The pandemic continues to “cast a significant shadow” on cybersecurity, and that is likely to continue for many years, Cameron said. She said malicious actors are still trying to access Covid-related information, including data on new variants and vaccine procurement, while also scamming the public using Covid-themed attacks.