Cyber-attacks rise by 50% in past year, UK security agency says
|
Version 0 of 1. Officials say increased dependence on technology leaves society more vulnerable to threats such as ransomware “Highly significant” cyber-attacks rose by 50% in the past year and the UK’s security services are now dealing with a new nationally significant attack more than every other day, figures from the National Cyber Security Centre (NCSC) have revealed. In what officials described as “a call to arms”, national security officials and ministers are urging all organisations, from the smallest businesses to the largest employers, to draw up contingency plans for the eventuality that “your IT infrastructure [is] crippled tomorrow and all your screens [go] blank”. The NCSC, which is part of GCHQ, said “highly sophisticated” China, “capable and irresponsible” Russia, Iran and North Korea were the main state threats, in its annual review published on Tuesday. The rise is being driven by ransomware attacks, often by criminal actors seeking money, and society’s increasing dependence on technology which increases the number of hackable targets. The chancellor, Rachel Reeves, the security minister, Dan Jarvis, and the technology and business secretaries, Liz Kendall and Peter Kyle have written to the leaders of hundreds of the largest British companies urging them to make cyber-resilience a board-level responsibility and warning that hostile cyber-activity in the UK has grown “more intense, frequent and sophisticated”. “Don’t be an easy target,” said Anne Keast-Butler, the director of GCHQ. “Prioritise cyber risk management, embed it into your governance and lead from the top.” NCSC dealt with 429 cyber incidents in the year to September and nearly half were classed as of national significance – more than doubling in the past year. Eighteen were “highly significant”, which means they had a serious impact on the government, essential services, the mass population or the economy. Most of those were ransomware incidents, including the attacks that significantly affected Marks & Spencer and the Co-op Group. “Cybercrime is a serious threat to the security of our economy, businesses and people’s livelihoods,” said Jarvis. “While we work round the clock to counter threats and provide support to businesses of all sizes – we cannot do it alone.” The NCSC declined to comment on reports that one line of investigation into the crippling attack on Jaguar Land Rover, which has halted manufacturing, is examining Russian involvement. It said Russia is inspiring informal “hacktivists” who are targeting the UK and the US, as well as European and Nato countries. Overall, the number of attacks in the year to September represented the highest level of cyber threat activity recorded by the NCSC in nine years. Over the 12 month period, the UK and its allies uncovered a Russian military unit carrying out cyber-attacks for the first time, issued advice to counter a China-linked campaign targeting thousands of devices and raised the alarm over cyber-actors working for Iran, according to the NCSC. But the threat is also homegrown, and last week two 17-year-olds were arrested in Hertfordshire over the alleged ransomware hack of children’s data from the Kido nursery chain. Hackers are also increasingly using artificial intelligence (AI) to sharpen their operations, and while the NCSC has yet to face an attack initiated by AI, it said: “AI will almost certainly pose cyber-resilience challenges to 2027 and beyond.” “We do see our attackers improving their ability to cause real impact, to inflict pain on the organisations they have breached and those who rely on them,” said Richard Horne, the NCSC’s chief executive. “They don’t care who they hit or how they hurt them. That is why we need all organisations to act.” He stressed the emotional impact of becoming a victim of cyber-attacks and said: “I’ve sat now in too many rooms with individuals who have been deeply affected by cyber-attacks against their organisations … I know the impact the disruption has on their staff, suppliers and customers, the worry, the sleepless nights.” |