The 4 starkest NCSC takeaways – and why it matters

The NCSC – the UK’s cyber nerve centre and guiding body – unveiled its 2021 Annual Review to a rapt global audience last week.Amid the pandemic, Britain has been ravaged by ransomware, admitted new NCSC CEO Lindy Cameron (pictured).In no uncertain terms, it’s time Britain focused on a ‘whole of society approach to cyber,’ she said.Record breachesFive years after it was launched as part of a major national cyber push, the NCSC dealt with a record number of cyber incidents in 2021, with ransomware being the most prolific threat.About 20 percent of the attacks were linked to healthcare, with 4.4 billion potentially harmful interactions blocked for staff in the health sector, NHS and vaccine production by PDNS. Beware Russia and ChinaGlobal IT supplier SolarWinds being breached by the Russian Foreign Intelligence Service was one of the year’s most “significant incidents”, Cameron said, warning that Chinese actors are also cause for concern over the next decade. SC Media UK asked the experts to explore four key themes from this year’s announcement – and why they matter.1) Ransomware is rifeCyber adversaries are becoming more aggressive and diversified, using multiple attack vectors such as supply chain and third-party vulnerabilities, warned cyber criminologist, author and managing director of Sygnia Europe, Azeem Aleem.“The report shows the shadow of the pandemic continues to shape the threat landscape. Ransomware continues to evolve – specifically towards ransomware as a service and double extortion,” he warned.Smarter, more innovative reconnaissance tactics are being used by cybercriminals, Aleem said“They are aggressively automating threats and leveraging machine technology to operate their tools in a client environment.”Amanda Finch, CEO of Chartered Institute of Information Security, warned that ransomware must be treated “like a disease”.“Disease and cybercrime operate in similar ways: they are always trying to evolve, and their spread is largely determined by how well people understand them; whether people take the necessary precautions; and how quickly people react when the worst happens. You can’t completely eliminate the risks, but education is always the best place to start,” Finch told SC Media UK.2) Building visibility and resilience is keyAzeem said security programmes that focus on compliance alone are destined to fail. “There is no such thing as an isolated incident,” he said, adding that organisations are often overwhelmed by floods of data and intelligence. By relying on traditional tools such as SIEM and EDR for advanced monitoring, organisations are lacking full visibility into breaches, said Azeem.“Organisations must move from a reactive to a proactive and predictive strategy using actionable threat intelligence.”3) The cyber challenge belongs to us allThe overall rise in incidents isn’t the only cause for concern – cyber attacks are also unleashing societal harm.The real-world impact of cyber attacks in 2021 was stark: food supplies were affected, local fuel prices increased, citizens were denied access to public services, and the costs to businesses ran into hundreds of millions of pounds. “Cybersecurity is no longer a marginal, niche issue," said Saj Huq, head of cyber at UK innovation centre Plexal, which collaborates with the NCSC. “It’s now a strategic priority for the whole of society.”“Life today is dependent on technology. The hard definition between online and the real world is blurring,” added Sir Jeremy Fleming, director at the UK’s GCHQ.4) Filling the cyber gapsBut it’s not all bad news… the UK’s ecosystem is growing stronger by the day.“It’s great to see so many 11–17 year-olds introduced to the world of tech and cybersecurity through the NCSC’s CyberFirst programme, and in particular the CyberFirst Girls competition,” said Finch. Increasing diversity in the industry is vital, she said, adding that more diverse experiences nearly always lead to better ideas and stronger organisations.However, focusing on schools isn’t the only answer.“Cybersecurity needs diversity of all kinds – including people of different sexes, ages, races, disabilities, and life experiences. As a result, the industry still needs to make sure it’s hiring people from non-security backgrounds to give the breadth of experience it needs.”READ MORE: Ethical 'con artist' Jenny Radcliffe: 4 signs you're about to be breachedEnjoyed this? Sign up for exclusive weekly SC Media insights via our homepage – you'll get the analysis first

Your cyber intelligence source

The 4 starkest NCSC takeaways – and why it matters

Related content

Industrial Cybersecurity Under Attack in 2024

Thames Water Dismisses Claims on Cyber-Attacks

Stop! Think Fraud Campaign Launched, Encourages Two-Step Verification Use

NCSC Issues Warning on Black Friday Scams

Armis: Triple Extortion Attacks Becoming More Common

Northern Schools and Academy Locked Down by Ransomware

Scottish Government Joins AI and Cyber International Alliance

Upcoming Events

The 4 starkest NCSC takeaways – and why it matters

Related content

Industrial Cybersecurity Under Attack in 2024

Thames Water Dismisses Claims on Cyber-Attacks

Stop! Think Fraud Campaign Launched, Encourages Two-Step Verification Use

NCSC Issues Warning on Black Friday Scams

Armis: Triple Extortion Attacks Becoming More Common

Northern Schools and Academy Locked Down by Ransomware

Scottish Government Joins AI and Cyber International Alliance

Upcoming Events

Confirm cancellation

Sign up benefits