Ransomware and Covid-related cybercrime ‘biggest threats to UK security’

National Cyber Security Centre chief executive Lindy Cameron was speaking at Chatham House’s Cyber 2021 Conference.

Martyn Landi
Monday 11 October 2021 14:30
Ransomware attacks present ‘the most immediate danger’ to the UK, the head of the National Cyber Security Centre has said, with cyber attacks linked to the Covid-19 pandemic also likely to be prevalent for many years to come (Yui Mok/PA)
Ransomware attacks present ‘the most immediate danger’ to the UK, the head of the National Cyber Security Centre has said, with cyber attacks linked to the Covid-19 pandemic also likely to be prevalent for many years to come (Yui Mok/PA)

Ransomware attacks present “the most immediate danger” to the UK, the head of the National Cyber Security Centre (NCSC) has said, with cyber attacks linked to the Covid-19 pandemic also likely to be prevalent for many years to come.

Lindy Cameron warned that cybercriminals and other malicious actors continue to see ransomware as an “attractive route” as long as firms do not adequately protect themselves or agree to pay the ransom when attacked – something the NCSC has encouraged companies not to do.

Ms Cameron was speaking at Chatham House’s Cyber 2021 Conference and marking her first year in the post of chief executive at the NCSC, warning that businesses need to do more to protect themselves.

Ransomware is a form of cyber attack which locks files and data on a user’s computer and demands payment in order for them to be released back to the owner and has been used as part of a number of high-profile cyber attacks in recent years, including the 2017 attack on the NHS.

“Ransomware presents the most immediate danger to UK businesses and most other organisations,” she said.

We expect ransomware will continue to be an attractive route for criminals as long as organisations remain vulnerable and continue to pay

Lindy Cameron, National Cyber Security Centre

“Many organisations – but not enough – routinely plan and prepare for this threat, and have confidence their cybersecurity and contingency planning could withstand a major incident. But many have no incident response plans, or ever test their cyber defences.

“We expect ransomware will continue to be an attractive route for criminals as long as organisations remain vulnerable and continue to pay. We have been clear that paying ransoms emboldens these criminal groups – and it also does not guarantee your data will be returned intact, or indeed returned at all.”

Ms Cameron also warned that criminals and state-backed groups will continue to use the pandemic as a vehicle for cyber attack – whether it be to target information around vaccines or by stoking fears to carry out scams.

“The coronavirus pandemic continues to cast a significant shadow on cybersecurity and is likely to do so for many years to come,” she said.

“Malicious actors continue to try and access Covid-related information, whether that is data on new variants or vaccine procurement plans.

“Some groups may also seek to use this information to undermine public trust in government responses to the pandemic. And criminals are now regularly using Covid-themed attacks as a way of scamming the public.”

She named Russia and China as the biggest threats to national cybersecurity – noting this would not come as a surprise to industry experts – and also named Iran and North Korea as threats, but added that the “vast majority of hostile cyber activity” that people in the UK will experience will come from “criminals, rather than nation states”.

Improving our resilience also plays a key role in deterring cyber attacks as our adversaries will see that an attack against the UK is likely to be less effective and the perceived benefits will be reduced

Lindy Cameron, National Cyber Security Centre

The cybersecurity chief said the key defence against attack was “resilience” by improving security in general but also boosting skills and understanding of cyber threats across businesses and the public, arguing that “responsibility for understanding cybersecurity risk does not start and end with the IT department”.

“We need Britain’s businesses and organisations to understand the threats they face,” she said.

“And we need the Great British public to have the skills to help them stay safe and technology that removes the security burden on their daily lives, making them safer by default.

“Cybersecurity is absolutely critical to delivering key Government strategies from boosting national resilience to making the UK a science and technology superpower.

“To meet the challenge of the future, we must not only build on our successes to date, but take our cybersecurity to the next level of scale and automation to meet the threats we will face in the next decade.

“Improving our resilience also plays a key role in deterring cyber attacks as our adversaries will see that an attack against the UK is likely to be less effective and the perceived benefits will be reduced.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in