The chief of the U.K.’s National Cyber Security Centre (NCSC) says ransomware is the key threat facing Britain and urged the public and businesses to take it seriously.
Speaking virtually to an audience at the Royal United Services Institute (RUSI) Annual Security Lecture on June 14, Lindy Cameron warned of the “cumulative effect” of failing to properly deal with the rising threat.
She also revealed the threat faced by think tanks, noting that it is “almost certain” that the primary cyber threat they face is from nation state espionage groups, and it is highly likely that they seek to gain strategic insights into government policy and commercially sensitive information.
The CEO of the NCSC – which is a part of GCHQ – also warned that for the vast majority of U.K. citizens and organizations, the primary key threat is not state actors but cyber criminals.
She highlighted the importance of building organizational cyber resilience which, in combination with government capabilities and law enforcement action, is the most effective way to counter threats in cyberspace.
Lindy Cameron said: “For most U.K. citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals, and in particular the threat of ransomware.
“While government is uniquely able to disrupt and deter our adversaries, it is network defenders in industry, and the steps that all organizations and citizens are taking that are protecting the U.K. from attacks, day in, day out.
“The protection they provide is crucial to the digital transformation of the economy, and every organization, large and small, has a role to play.”
On the recent rise in ransomware attacks, Cameron noted that the ecosystem is evolving through the Ransomware as a Service (RaaS) model, whereby ransomware variants and commodity listings are available off the shelf for a one-off payment or a share of the profits.
As the RaaS model has become increasingly successful, with criminal groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly “professional”.
Elsewhere, Lindy Cameron also set out the context of the Integrated Review and forthcoming cyber strategy, highlighting the need to better integrate the country’s security, economic, technical, and diplomatic capabilities in support of shared national objectives.
She outlined how allies and adversaries alike are betting on cyber, and that the U.K. needs to continue setting the pace.