‘Broader and deeper’ online risk to UK from criminals and state-backed hackers

3 December 2024, 15:34

The GCHQ building in Cheltenham (GCHQ)
GCHQ proposal. Picture: PA

The head of the National Cyber Security Centre, Richard Horne, said the reliance on technology meant the risk from attack was greater.

The UK’s reliance on technology across government, businesses and people’s personal lives has left us more vulnerable to potentially devastating online attacks, the head of the cyber security agency warned.

National Cyber Security Centre (NCSC) chief Richard Horne said the threat was “getting broader and in some parts deeper”, with online criminals and state-backed hackers from countries such as Russia and China looking to exploit vulnerabilities.

He said since taking on the role at the NCSC in October, he was both more concerned because of the “stark truth about the risk” but also more reassured because of the strength of the UK’s cyber defence community.

The head of the NCSC, part of the GCHQ intelligence agency, told the PA news agency: “We’re seeing the threat getting broader and in some parts, deeper.

“So where it’s getting broader is we’re seeing more and more cyber criminals able to have quite devastating effects on organisations and customers of those organisations, or people who rely on those services.”

And “in some cases, it is going deeper” with more sophisticated attacks being carried out around the world, he added.

“That tends to be more in the theatre of war, as it were, but there’s always the possibility of that sort of those really sophisticated attacks spilling over, which we’ve seen in the past.”

In Russia, Vladimir Putin’s government and state-aligned hackers have sought to target countries including Ukraine to support the war there – but also Nato members including the UK.

Mr Horne said: “In some ways, the breadth of threat is really criminals, and those criminals might be in Russia, and they might be kind of state-aligned rather than state-directed.

“But the breadth of threats that most organisations in the UK need to think about is criminal threat, and especially ransomware, because of the devastation it can cause.”

Hackers from China have been blamed for hacking the Electoral Commission’s database and targeting MPs’ emails.

Mr Horne told PA: “China are a very capable cyber actor and they’re certainly establishing their position in the world.

“And for us it comes back to: where are we exposed, where are we vulnerable, how are we managing our risk?

“As geopolitics unfolds and different actors assert their position more, we need to be ready to assert our position, and part of that is defence.”

The last government took action to remove Chinese firm Huawei from the UK’s 5G mobile network because of security concerns.

But with the proliferation of Chinese technology across all aspects of life, Mr Horne insisted the country that technology originated from was not the main factor in determining risk.

He said: “I think in some ways, one of my colleagues had a great expression, ‘the flag is not a great indicator of risk’.

“It’s more a case of ‘what is that technology taking out and what information is leaving’ and it’s not necessarily going to one place or another and it doesn’t really matter, from the perspective of defence, where it’s going because attackers can misuse it.

“It’s more a case of more and more technology is impeding on our lives, we are depending on it more, and as a result, data is leaving us to go elsewhere, and that’s very much part of the risk we need to understand.”

The NCSC’s annual review showed a threefold increase in the most serious cyber incidents affecting the UK in 2023-24, but Mr Horne warned the danger is still being “widely underestimated” by both public and private sector organisations and individuals.

Asked whether it was the Government, companies or individuals failing to understand the risk, Mr Horne said: “I think it’s everyone … The extent to which technology is taking our information and moving it elsewhere, the extent to which organisations rely on their supply chains, and those supply chains have all sorts of risks that they haven’t considered.

“The extent to which organisations apply basic security controls consistently everywhere and not just at the core – they all kind of add up to not properly understanding the extent of exposure and the extent of vulnerability.

“And at the same time, the threat is getting broader. So add all of that together and it’s a growing risk.”

Mr Horne joined NCSC from professional services giant PwC in October. Asked whether he was more concerned or more reassured as a result of his time at the cyber defence agency, he said: “I think you’re more concerned because you do see the stark truth about the risk, but more reassured because there is so much happening.”

The NCSC was part of a cyber defence community “and I think if there’s one thing we have in this country that is probably better than anywhere else, it’s the way we can pull together as that community across all parts of society and protect ourselves together”.

In a speech launching the agency’s annual review at its headquarters in London, Mr Horne said the UK relied on online infrastructure “to keep the lights on and the water running, to improve our public services, to keep businesses running, and to drive our growth and prosperity”.

“But those critical systems and services make attractive targets for hostile states and malicious actors in cyberspace.

“They are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction.”

By Press Association

More Technology News

See more More Technology News

Sir Keir Starmer delivers a statement on the Southport murders

Starmer promises action to end ‘shockingly easy’ access to knives online

Nicola Coughlan as Penelope Featherington and Luke Newton as Colin Bridgerton in Netflix series Bridgerton

Netflix raising prices in US and other countries after topping 300m subscribers

A child uses a tablet computer

Children ‘no match’ for Silicon Valley billions, peer says in online safety plea

Ulbricht was sentenced to life in prison after being found guilty in a 2015 narcotics and money laundering trial.

Donald Trump pardons creator of dark web drug marketplace Silk Road

Prime Minister Sir Keir Starmer delivers a statement at 10 Downing Street in London

Online safety group urges Starmer to crack down on child sex abuse imagery loopholes

A man using ChatGPT on a mobile phone

App spending on AI chatbots tripled in 2024 – report

Donald Trump is 'open' to Elon Musk buying TikTok

Donald Trump 'open' to Elon Musk buying TikTok as he announces $500 billion AI investment

A child’s hand pressing a key of a laptop keyboard

Online safety group urges Starmer to intervene over child sexual abuse imagery

Education Secretary Bridget Phillipson (PA)

Phillipson to set out plans to use technology to ‘modernise’ education system

Sir Keir Starmer statement on Southport

Starmer hints at tougher laws to block ‘tidal wave of violence’ online

A British passport

Peers inflict Government defeat amid fears gender self-ID might confuse AI

Science, Innovation and Technology Secretary Peter Kyle (PA)

Driving licences and veteran cards to be first digital IDs in Government app

TikTok logo on a phone

Trump joint venture proposal on TikTok ownership counter-intuitive, expert says

The WhatsApp icon displayed on a smartphone

Meta to give users option to link WhatsApp account with Facebook and Instagram

A UK driving licence shown beside a counterpart driving licence

Digital driving licences coming this year as part of new government app

President Donald Trump signs an executive order on TikTok in the Oval Office of the White House

President Trump gives TikTok 75-day extension to sell its US business