UK cyber watchdog sounds preparation warning after sharp rise in significant attacks

The number of significant cyber attacks doubled in the last year, despite the National Cyber Security Centre (NCSC) receiving the same amount of calls for support during the same period.

But the headline-grabbing attacks on the likes of Jaguar Land Rover, Marks and Spencer and Co-op underline how hackers are targeting significant national organisations and infrastructure in their attempts to penetrate cyber defences.

Stuart Davey, a cyber risk expert with Pinsent Masons, said: “The NCSC report chimes with our experience of engaging with clients: the high profile cyber attacks this year have elevated cyber risk up the agenda of boardrooms.

“Whether those senior leaders choose to respond to this risk is a decision for those organisations. However, reading the open letter from the Co-op’s CEO must surely emphasise why taking this threat seriously is so important.”

His warning comes as the NCSC issued its annual report, highlighting the increased risk to infrastructure and nationally significant organisations from cyber attack.

The NCSC revealed it had investigated 429 incidents in the year, but that 204 of those – 48% – were classed as ‘nationally significant’. Of those, 18 were in the top category of alert: up 50% on the previous year and a third consecutive year of increase in the category.

While the NCSC is launching a cyber security toolkit for businesses to help improve their resilience and preparation in case of a hack, the report also warns that companies in the UK have to do more to protect themselves from malicious attacks.

“While the cyber threat evolves, one thing remains constant; cyber criminals continue to exploit basic weaknesses in systems,” the report warns.

“Despite this, many UK organisations still aren’t guarding against even the most basic cyber threats. We need more organisations to take action now, to put in place the foundational cyber security controls that will raise both their resilience and that of the wider UK.”

The centre urged businesses to make use of early warning feeds, have better contingency planning – and keep those plans available offline – and have insurance, which can be available free for smaller firms completing its cyber essentials training programme.

Simon Colvin, a technology expert with Pinsent Masons, said: “All too often we see vulnerabilities in the supply chain as the key entry point for the cyber attack”.

“That may be a helpdesk or another service where the attacker can gain access to the main business systems. So more than ever it is essential for businesses to be looking at their supply chain arrangements and assessing any contractual gaps or operational vulnerabilities. The NSCS guidance underlines that need, so businesses need to act now.”