CybersecurityU.K. industry warned that cybercriminals are imitating nation state attacks

The annual assessment of the biggest cyberthreats to U.K. businesses has been published the other day, after being produced jointly for the first time by the National Crime Agency (NCA), National Cyber Security Center (NCSC). and industry partners from multiple sectors.

The assessment — the most detailed of its kind to date — emphasizes the need for increased collaboration among industry, government, and law enforcement in the face of a growing and fast-changing threat.

The NCA notes that the report discusses the trend of criminals imitating the way suspected nation state actors attack organizations such as financial institutions, and the risk posed by the ever-increasing number of connected devices, many of which are not always made secure by manufacturers or users.

It also highlights increased levels of aggressive and confrontational cybercrime, particularly through Distributed Denial of Service (DDoS) attacks combined with extortion, and ransomware, which encrypts victim computers and demands a ransom in return for restoring control to the user.

Particularly through the contribution of the private sectors companies forming the Strategic Cyber Industry Group, the report notes the cyber security challenges faced by businesses, and urges them to report all cybercrime to ensure the United Kingdom has an accurate intelligence picture.

The assessment additionally highlights the resources available to companies of all sizes, particularly the large firms which often present the most attractive targets for attackers.

The report was presented at the NCSC’s Cyber U.K. Conference in Liverpool, yesterday (14 March).

Donald Toon, Director for economic and cybercrime at the National Crime Agency, said:

“We have worked with the NCSC and valued private sector partners to produce this assessment, setting out an up to date picture of threats to business including ransomware, DDoS and evolving financial Trojans. These threats demonstrate the need for a collaborative response across industry, law enforcement and government, with the ultimate aim of protecting customers and the U.K. economy.

“Businesses reporting cybercrime is essential if we are to fully understand the threat, and take the most effective action against it.  And while 100 percent protection doesn’t exist, making cyber security an organizational priority and ensuring up to date processes and technology can protect against the vast majority of attacks.

“The NCA and its partners continue to have significant success against cybercrime, through identifying and arresting criminals at home and abroad, working to deter young people from becoming involved in criminality, and disrupting the ways in which criminals make and launder their money.”

Ciaran Martin, CEO of the National Cyber Security Center, said:

“The National Cyber Security Centre exists to benefit the whole country, so we are delighted to be here in Liverpool - the UK’s first ‘Smart City’ — to share knowledge and expertise with many of our essential partners.

“As the national technical authority for cyber security in the United Kingdom, the NCSC agenda is unashamedly ambitious; we want to be a world leader in cyber security.

“Cyberattacks will continue to evolve, which is why the country must work together at pace to deliver hard outcomes and ground-breaking innovation to reduce the cyber threat to critical services and deter would-be attackers.

“No single organization can defend against the threat on its own and it is vital that we work together to understand the challenges we face. We can only properly protect U.K. cyberspace by working with others with the rest of government, with law enforcement, the Armed Forces, our international allies and, crucially, with business and wider society.”

Don Smith, technology director, SecureWorks and Strategic Cyber Industry Group representative, said:

“The development of technology throughout history has given smart criminals new ways to get what they want: email spawned the development of phishing and spam; online banking led to the creation of viruses that target bank accounts; and the Internet of Things will doubtless bring opportunities for new methods of attack. Many businesses face understandable difficulty in reporting cybercrime incidents, but knowing that revealing such information might prevent further harm to their business is essential. This assessment proves that collaboration is key to protecting our assets and targeting cyber criminals.”