‘Broader and deeper’ online risk to UK from criminals and state-backed hackers

3 December 2024, 15:34

The GCHQ building in Cheltenham (GCHQ)
GCHQ proposal. Picture: PA

The head of the National Cyber Security Centre, Richard Horne, said the reliance on technology meant the risk from attack was greater.

The UK’s reliance on technology across government, businesses and people’s personal lives has left us more vulnerable to potentially devastating online attacks, the head of the cyber security agency warned.

National Cyber Security Centre (NCSC) chief Richard Horne said the threat was “getting broader and in some parts deeper”, with online criminals and state-backed hackers from countries such as Russia and China looking to exploit vulnerabilities.

He said since taking on the role at the NCSC in October, he was both more concerned because of the “stark truth about the risk” but also more reassured because of the strength of the UK’s cyber defence community.

The head of the NCSC, part of the GCHQ intelligence agency, told the PA news agency: “We’re seeing the threat getting broader and in some parts, deeper.

“So where it’s getting broader is we’re seeing more and more cyber criminals able to have quite devastating effects on organisations and customers of those organisations, or people who rely on those services.”

And “in some cases, it is going deeper” with more sophisticated attacks being carried out around the world, he added.

“That tends to be more in the theatre of war, as it were, but there’s always the possibility of that sort of those really sophisticated attacks spilling over, which we’ve seen in the past.”

In Russia, Vladimir Putin’s government and state-aligned hackers have sought to target countries including Ukraine to support the war there – but also Nato members including the UK.

Mr Horne said: “In some ways, the breadth of threat is really criminals, and those criminals might be in Russia, and they might be kind of state-aligned rather than state-directed.

“But the breadth of threats that most organisations in the UK need to think about is criminal threat, and especially ransomware, because of the devastation it can cause.”

Hackers from China have been blamed for hacking the Electoral Commission’s database and targeting MPs’ emails.

Mr Horne told PA: “China are a very capable cyber actor and they’re certainly establishing their position in the world.

“And for us it comes back to: where are we exposed, where are we vulnerable, how are we managing our risk?

“As geopolitics unfolds and different actors assert their position more, we need to be ready to assert our position, and part of that is defence.”

The last government took action to remove Chinese firm Huawei from the UK’s 5G mobile network because of security concerns.

But with the proliferation of Chinese technology across all aspects of life, Mr Horne insisted the country that technology originated from was not the main factor in determining risk.

He said: “I think in some ways, one of my colleagues had a great expression, ‘the flag is not a great indicator of risk’.

“It’s more a case of ‘what is that technology taking out and what information is leaving’ and it’s not necessarily going to one place or another and it doesn’t really matter, from the perspective of defence, where it’s going because attackers can misuse it.

“It’s more a case of more and more technology is impeding on our lives, we are depending on it more, and as a result, data is leaving us to go elsewhere, and that’s very much part of the risk we need to understand.”

The NCSC’s annual review showed a threefold increase in the most serious cyber incidents affecting the UK in 2023-24, but Mr Horne warned the danger is still being “widely underestimated” by both public and private sector organisations and individuals.

Asked whether it was the Government, companies or individuals failing to understand the risk, Mr Horne said: “I think it’s everyone … The extent to which technology is taking our information and moving it elsewhere, the extent to which organisations rely on their supply chains, and those supply chains have all sorts of risks that they haven’t considered.

“The extent to which organisations apply basic security controls consistently everywhere and not just at the core – they all kind of add up to not properly understanding the extent of exposure and the extent of vulnerability.

“And at the same time, the threat is getting broader. So add all of that together and it’s a growing risk.”

Mr Horne joined NCSC from professional services giant PwC in October. Asked whether he was more concerned or more reassured as a result of his time at the cyber defence agency, he said: “I think you’re more concerned because you do see the stark truth about the risk, but more reassured because there is so much happening.”

The NCSC was part of a cyber defence community “and I think if there’s one thing we have in this country that is probably better than anywhere else, it’s the way we can pull together as that community across all parts of society and protect ourselves together”.

In a speech launching the agency’s annual review at its headquarters in London, Mr Horne said the UK relied on online infrastructure “to keep the lights on and the water running, to improve our public services, to keep businesses running, and to drive our growth and prosperity”.

“But those critical systems and services make attractive targets for hostile states and malicious actors in cyberspace.

“They are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction.”

By Press Association

More Technology News

See more More Technology News

Bafta Games Awards 2025

Astro Bot sweeps Bafta Game Awards with five wins

A detailed new scan of the Titanic has revealed the ship's haunting final hours.

Scan reveals Titanic's final hours in ground-breaking discovery

Sabrina Carpenter's Fortnite avatar (Epic Games/PA)

Sabrina Carpenter joins Fortnite universe as Festival icon

The tools mean the accounts of under-16s are heavily restricted by default (Alamy/PA)

Meta expands Instagram parental controls and brings them to Facebook

a biotech start-up has announced the animals had been brought back to life

Dire wolf extinct for 12,500 years 'brought back to life', scientists claim

A server room in a data centre

Energy and tech giants to meet Government over plans to power UK AI

A message on an iPhone in London warning that Apple can no longer offer Advanced Data Protection to its customers in the UK

Home Office loses bid to keep Apple legal challenge private

Metro Bank website

Metro Bank launches AI-powered scam detection tool

Esther Ghey

Brianna Ghey’s mother considers parent of her daughter’s killer ‘a friend’

Molly Russell

Meta and Pinterest understood to have made donations to Molly Russell charity

TikTok is set to be banned in the United States later this week unless a buyer emerges.

Trump grants TikTok another extension, avoiding US ban, as he says deal to sell app is 'very close'

A TikTok logo on a phone

Q&A: Will TikTok be banned in the US this weekend?

TikTok logo on a phone

Trump says TikTok deal ‘very close’ as deadline looms

A child’s hand pressing a key of a laptop keyboard

Charity ‘appalled’ at reports online safety laws could be cut for US trade deal

School children during a Year 5 class at a primary school

Education Secretary: More men needed in classrooms to be positive role models

Games controller

Cult classic Shenmue named most influential game of all time in Bafta poll