Despite being a technologically developed country, the UK faces an uphill struggle against advancing cyber threats. As a leading economy with significant influence on global affairs, it has become a target for nation-state hacking groups from various countries who have set their sights on government agencies, defense organizations, critical infrastructure and industries to gather intelligence, disrupt operations or gain a strategic advantage.
For example, in November 2022, Russian-affiliated hacktivist group KillNet launched DDoS attacks on multiple UK websites, including the Royal Family, in response to the government’s support for Ukraine.
Ransomware attacks have also become a significant concern. Cyber-criminals deploy ransomware to encrypt systems and data, demanding a ransom payment in exchange for restoring access. These attacks can disrupt critical services, affect businesses and cause financial losses. Ransomware attacks have targeted both government institutions and private organizations. For example, in January 2023, Royal Mail overseas deliveries were disrupted by a ransomware attack carried out by Russia-affiliated group LockBit, who later leaked the data and renewed its demands.
Supply chain attacks have also increased in volume and severity over the last few years. By targeting the software or hardware supply chain to compromise trusted products or services, attackers can gain unauthorized access to organizations’ networks, distribute malware or conduct other malicious activities.
These attacks pose significant risks to UK organizations, including government agencies and private enterprises. In March 2023, North Korea-linked threat actors corrupted a vulnerability in the VoIP system 3CX to launch a large-scale supply chain attack. It was later discovered that the breach was linked to another incident in the financial trading platform Trading Technologies.
Social engineering techniques, such as phishing and business email compromise (BEC), are also commonly used to trick individuals into revealing sensitive information or downloading malware. According to our research, email-delivered attacks account for 86% of all file-based attacks in the wild, and they are getting more sophisticated. Phishing Scams 3.0, which impersonate a trusted person or service, have boomed in the last few months, with 33,817 attacks in February and March alone.
The volume of attacks is also not equal across different vertical sectors, with education and healthcare being targeted more frequently than others. These industries often handle sensitive data, perform critical services to citizens and are increasingly reliant on networked devices, which makes them very attractive to cyber-criminals. This year, Vice Society claimed responsibility for a ransomware attack on the University of Duisburg-Essen, while the US healthcare software provider NextGen reported a data breach that compromised the personal records of more than 1 million patients.
In response to the volume and severity of attacks, governments, law enforcement agencies and cybersecurity organizations are working collaboratively to mitigate threats, enhance cybersecurity capabilities, raise awareness and promote best practices to protect critical assets and infrastructure. There have been global champions leading the charge. Earlier this year, the FBI, Department of Justice (DoJ) and international partners successfully disrupted the notorious ransomware group Hive, preventing more than $130 million in payouts.
While the UK government has made progress in bolstering cybersecurity regulations through the Network and Information System (NIS) Regulations, as a nation, we are falling behind other countries when it comes to building resilience to cyber-attacks. That is why it is important to look at what impact and influence we can have at the CISO level that will enable change at the macro level.
Evolution of the CISO
The role of the CISO has evolved significantly over time due to various factors, including technological advancements, evolving cyber threats and increased recognition of the importance of cybersecurity within organizations. We often hear them talking about the demands put upon them to build succession plans that can be implemented at short notice and programs of improvement, such as incident response, vulnerability management and data loss prevention.
They must adhere to complex regulatory compliance, all while reducing operating costs and demonstrating return on investment. This is compounded by the fact there is a chronic skills shortage.
In the past, the CISO was primarily involved in technical aspects of information security. However, over time, organizations have realized the strategic significance of cybersecurity and the need for a CISO to have a broader understanding of business goals and risk management.
CISOs now often play a more prominent role in strategic decision-making processes and work closely with senior management and the board of directors to align security initiatives with business objectives. They are also more likely to have a seat at the boardroom table. They are expected to provide regular updates on security posture, present risk assessments and communicate the potential impact of cybersecurity threats on business operations and reputation.
All of this comes with another layer of personal liability. We have seen cases of CISOs being held personally responsible for incidents, as was the case with Joe Sullivan, former Uber Chief Security Officer, who was sentenced to three years probation for covering up the 2016 theft of more than 57 million records and 600,000 driving licenses.
Getting Proactive with Cybersecurity
The UK faces a wide range of cyber threats that have the potential to disrupt its economy, compromise national security and impact the daily lives of its citizens. From state-sponsored cyber espionage to cyber-criminal activities, the evolving threat landscape poses significant challenges for the UK’s cybersecurity efforts.
To combat these threats, the UK government has been working diligently to enhance its cyber defenses, invest in cybersecurity capabilities and collaborate with international partners. Initiatives such as the National Cyber Security Centre (NCSC) and the implementation of the Cyber Essentials program have been instrumental in improving the overall cybersecurity posture of the country.
However, the fight against cyber-attacks requires continuous adaptation and innovation. Collaboration between the government, industry and academia is essential for sharing intelligence, best practices and coordinating responses to cyber incidents. With a comprehensive and proactive approach, the UK can mitigate the risks posed by cyber-attacks and ensure the resilience of its digital infrastructure, safeguarding the nation’s interests in an increasingly interconnected world.