Former GCHQ deputy head: Covid-19 has increased cyber vulnerability

The Covid-19 pandemic has simultaneously accelerated our digital dependency and expanded the opportunity for cyber-attacks, with an increased vulnerability for those working from home.

These was the stark warning from Conrad Prince, senior adviser on cyber for Pool Re and former director general for operations and deputy head of GCHQ.

Prince was speaking as part of the panel session on ‘Hostile Cyber: The boundaries of insurability’, which was held on the first day of this year’s conference of the International Forum on Terrorism Risk (Re)Insurance (IFTRIP).

At the same time, Prince added, we are now dealing with ever more sophisticated supply chains, with risks which are more difficult to manage.

He said there has been a surge in ransomware, with a sevenfold increase in attacks compared to last year, with the Travelex attack a stand-out case, leading to a massive disruption to services and a reported $2.3 million payment.

Cyber-attacks by nation states are also becoming a normalised part of doing business, he commented, singling out Russia for a series of attacks in recent years such as the ‘Not Petya’ attacks in 2017 which caused widespread disruption and are estimated to have cost some $10bn.

He suggested that Russia also participated in a sophisticated recent attack on a Saudi Arabian petrochemical plant.

However, Russia is far from alone here, he added: “China is conducting espionage at scale and North Korea continues to launch cyber-attacks to raise funds, being responsible for the ‘WannaCry’ attacks 2017 which are estimated to have cost $2bn”.

Iran also recently launched a cyber-attack on Israeli treatment plants, Prince noted.

Western states are not merely playing defensive here, however, with the US recently involved in attacks on Russian and Iranian targets, while Israel launched retaliatory attacks on an Iranian plant, he said.

The UK, too, is going on the offensive with the upcoming launch of the National Cyber Force.

Indeed, Prince noted, “offensive cyber-attacks are becoming a normal part of doing business”, adding that such attacks by nation states can have “an enormous impact” on the commercial sector even if these were not intended to be the initial targets.