So-called ‘hackers for hire’ and the development of off-the-shelf software are now a major threat to UK business and government, intelligence chief Sir Jeremy Fleming has warned.
Sir Jeremy, who heads up the agency GCHQ, warned criminals can carry out attacks using sophisticated cyber tools.
This could lead to an increase in risk and unpredictability to all sections of British society, he said.
He told the National Cyber Security Centre, a branch of GCHQ: ““We’re seeing a change in those who can carry out cyber attacks.
“This shift leads us to expect that commercial availability of cyber capabilities will increase the future threat to the cyber security of the UK.”
The problems are being exacerbated by the war in Ukraine and the global disruption it is causing.
The NCSC has said ‘ransomware’ – used by criminals to extort money from vistims of cyber attacks – are the biggest threat to British national security and businesses.
Many cybercriminal networks are suspected to be operating with impunity in and around Russia, possibly with the tacit approval of the Kremlin.
Criminal gangs target and shut down the victim’s computer network until the ‘ransom’is paid – often using cryptocurrency.
Among the most vulnerable to attack are businesses which rely on internet-based logistics or supply chains. Customers who rely on the smooth operation of the company affected will then suffer immediate problems.
There have been dozens of recent UK examples which have been unforeseen.
Some companies will claim they do not succumb to ransom demands – but, in reality, many do.
NCSC Lindy Cameron said: “It’s vital that organisations treat cyber security as a genuine board level risk. This is a risk issue which CEOs need to take seriously.”
However, most UK cyber crime is as a result of low level criminal activity.
Cameron added: “Low-sophistication cyber crime continues to be a scourge to the British public.”
But there were 2.7m cyber-related frauds in the year up to March 2022, she said.
Phishing emails, which ape certain online services, are still a common method of attack.
Camerom said: “People are becoming more cyber aware and contributing to our resilience.”
While cyber resilience in the UK has continued to improve, there remain serious gaps in the nation’s defences, she warned.
ABOUT THE NCSC
The UK’s cyber security mission is led by the National Cyber Security Centre (NCSC), which is a part of GCHQ.
The NCSC helps protect the UK’s critical services from cyber attacks, manages major incidents, and improves the underlying security of the UK Internet through technological improvement and advice to citizens and organisations.
It supports the most critical organisations in the UK, the wider public sector, industry and small and medium enterprises (SMEs). When incidents do occur, the NCSC provides effective incident response to minimise harm to the UK, helps with recovery, and learns lessons for the future.
During the Covid-19 pandemic, protecting the NHS and the health sector more widely has been the top priority for the NCSC. It has been working hard to ensure organisations can keep themselves secure.
There has also been a significant amount of support provided for organisations and businesses working from home during the pandemic, and in April the NCSC launched Cyber Aware, the UK government’s advice on how to stay secure online during COVID-19.
At the same time, The NCSC introduced the pioneering Suspicious Email Reporting Service, which allows the public to forward suspect emails to [email protected]. In the first four months of the service being introduced, more than two million reports were received from the public, leading to the removal of over 9,000 scams and 22,000 URLs.