NCSC chief warns of gap in cyber threats and defence capabilities

The UK’s cyber security chief has issued a warning about the growing disparity between the increasing cyber threats faced by the UK and its allies and their combined defense capabilities.

Speaking at the Singapore International Cyber Week, Richard Horne, the newly appointed head of GCHQ’s National Cyber Security Centre (NCSC), emphasized the need for closer collaboration between the UK and its allies to enhance global resilience against the rising complexity and aggression of online security threats.

“The reliance on technology is expanding and changing societies, offering new opportunities but also exposing us to greater cyber risks. Without united action, we risk widening the gap between the escalating threats to our societies, critical services, and businesses, and our ability to defend and recover,” stated Horne.

“The threat landscape is becoming more intricate, with a rise in significant incidents. To bridge this gap, we require coordinated global efforts to bolster cyber resilience, integrate security into technology from the outset, and prepare both public and private sectors to not only defend against but also swiftly recover from destructive cyber attacks.”

Horne stressed the importance of collaboration, particularly given the expansion of cyber capabilities leading to a broader threat landscape. The NCSC has already responded to 50% more nationally significant incidents in 2024 compared to the previous year, along with a threefold increase in severe incidents.

“Last month, 39 nations and eight international insurance bodies endorsed guidelines for organizations dealing with ransomware payments,” he noted, referring to guidance developed by the UK and Singapore during the fourth Counter Ransomware Initiative Summit in early October.

The guidance highlights the risks of paying ransoms and encourages victims to report attacks, assess data backups, seek advice from cyber experts, and have proactive policies, frameworks, and communication plans in place.

“This collaboration demonstrates the progress achievable through working together, showcasing that cyberspace has no boundaries,” Horne added.

Additionally, Horne emphasized the necessity of long-term technology resilience, cautioning that new technologies could become vulnerable without integrated management and security throughout their lifecycle.

“Today’s innovations will be tomorrow’s legacies. We must implement a lifecycle management approach to ensure ongoing security and resilience,” he advised.

He also highlighted the role of governments in guiding the conversation on future-proofing new systems against cyber threats, alongside developers’ efforts to secure their products.

Earlier in January 2024, the NCSC warned about the increasing use of artificial intelligence in ransomware attacks, urging organizations and individuals to follow cyber security hygiene advice to bolster their defenses.

“As AI is utilized in cyber attacks, it is crucial to enhance security measures to combat evolving threats like ransomware,” said then-NCSC CEO Lindy Cameron.