Business warned to take cyber threat seriously

A senior UK government minister has said cyber-crime is no longer simply a crime and should now be viewed as a national security threat in the UK and in other nations across the world.

In a speech in Belfast Chancellor of the Duchy of Lancaster Oliver Dowden warned criminals and hackers are now able to access sophisticated cyber tools which in the past had only been used by state backed hackers.

Dowden added: “We continue to live in a more dangerous, more volatile world – one that has far-reaching consequences for the British people.

“Now that’s partly a consequence of Russia’s aggression. It’s partly because of the growing economic coercion of other countries. And it’s also because of the way that climate change and technology continue to transform and disrupt our world.

“All of those things are putting our systems under more pressure than ever before.”

On the current cyber threat to the UK he explained: “It’s been a couple of months since the world was gripped by the progress of that Chinese balloon floating across the skies of the United States.

Now I’m sure you will recall that spy balloon dominated the headlines because it was a very visible symbol of America’s borders being breached by an uninvited guest. And yet every day, a combination of criminals, spooks, hacktivists and cyber soldiers silently and invisibly breach our digital defences – both in the UK and in the rest of the world.”

He said according to the latest assessments from the National Cyber Security Centre (NCSC), the most acute state threats in cyberspace continue to come from “those usual suspects – Russia, China, Iran and North Korea”.

“And there is another new front opening, as we see more and more adversaries able to buy and sell sophisticated cyber tools and spyware like Pegasus,” Dowden continued. “These are the types of tools that we used to only see in a handful of powerful state actors, and which can cause serious damage.

“So it’s something we are taking very seriously, and to which we are responding with our international partners. Meanwhile, cyber-crime is estimated to cost the UK billions of pounds each year.

“According to new figures published today, 32% of UK businesses and charities suffered a cyber breach or attack in the past year. That is a third of our businesses. And ransomware continues to run rampant.

“And as President Biden rightly recognised a few weeks ago, thanks to its scale and impact, ransomware is no longer just a crime. It is a national security threat – and our response needs to reflect the severity of that threat.

“These are attacks on our citizens, our businesses and our democracy. They are an attempt to undermine our society.”

He said the UK had grasped the need for urgent action early, and he been doing a lot over the past few years to strengthen its cyber defences.

“We have a new and effective cyber sanctions regime, which we recently used for the first time against a group of Russian cyber criminals as part of a joint campaign with the United States,” he explained. “And we are working closely with international partners to tackle the proliferation of sophisticated commercial cyber tools.

“At the same time, the government itself continues to face a range of attacks, including ransomware and espionage – and so we are constantly looking to strengthen our cyber defences.”

Dowden warned “a new adversary has emerged”.

“Over the last 18 months, the National Cyber Security Centre has seen the rise of several Russian-aligned groups sympathetic to Putin’s invasion of Ukraine,” He continued. “Now these are fringe state threats – the cyber equivalent of the Wagner group – and initially these groups focused their attacks on Ukraine and the surrounding region.

“But recently, they have begun to turn their attention to the UK and its allies. They are now seeking opportunities to compromise our Critical National Infrastructure. We have experienced attempted attacks in the past – but these groups operate differently.

“Instead of seeking to profit or spy on us, their primary motive is to disrupt or destroy our infrastructure. These adversaries are ideologically motivated, rather than financially motivated.

“Secondly, though these perpetrators are aligned to national actors, crucially, they are often not controlled by those foreign states. That makes them more opportunistic, and less likely to show restraint.

“Together, those factors make the current situation particularly concerning.”

In response the National Cyber Security Centre is issuing an official alert to operators of our critical national infrastructure, to highlight the risk they currently face.

That alert is now live on the NCSC’s website – along with a number of recommended actions that operators should follow right now, to increase their resilience and help defend our infrastructure against these attacks.

“Disclosing this threat is not something that we do lightly,” said Dowden. “This is an unprecedented warning for businesses.

“We have never publicly highlighted the threat from these kinds of groups attempting such attacks before. And I should stress that we do not think that they currently have the capability to cause widespread damage to our infrastructure in the UK.

“But we do believe it is necessary at this point in time, if we want companies to understand the current threat they currently face, and to take action to defend themselves and the country against such attacks.”

Dowden said: “The reality is that we in government can only do so much. Businesses large and small sit on the front line of our cyber defences.

“They face attacks on a daily basis – and any gap in that front line leaves us all vulnerable.”

As such he revealed the government will set “specific and ambitious” cyber resilience targets for all critical national infrastructure sectors to meet by 2025.

“These are the companies in charge of keeping our country running. Of keeping the lights on. Our shared prosperity depends on them taking their own security seriously – and that extends to their cybersecurity.

“A bricks-and-mortar business wouldn’t survive if it left the back door open to criminals every night.

“Equally in today’s digital world, businesses can’t afford to recklessly ignore cyber risks, either – to leave their digital back door open to cyber crooks and hackers. And while we’re doing this to combat certain risks, there is also a real opportunity for our businesses.

“We have a huge amount to gain by making the UK the safest country in the world to do business. Because the fact is that in today’s modern world, prosperity and economic security go hand in hand.

“Investors want to put their money in a safe country, in businesses that take security seriously.

So the safer we make our defences, the safer we make our country – and the more attractive we become as a destination for entrepreneurs and investors all over the world.”

Dowden added: “So this is my call to arms for businesses: look again at your security. Strengthen it wherever you can. The stronger your business, the stronger our economy, and the more prosperous we become together.”

“Over the last 18 months, the National Cyber Security Centre has seen the rise of several Russian-aligned groups sympathetic to Putin’s invasion of Ukraine, now these are fringe state threats – the cyber equivalent of the Wagner group – and initially these groups focused their attacks on Ukraine and the surrounding region.”

Oliver Dowden, Chancellor of the Duchy of Lancaster