‘Broader and deeper’ online risk to UK from criminals and state-backed hackers

3 December 2024, 15:34

The GCHQ building in Cheltenham (GCHQ)
GCHQ proposal. Picture: PA

The head of the National Cyber Security Centre, Richard Horne, said the reliance on technology meant the risk from attack was greater.

The UK’s reliance on technology across government, businesses and people’s personal lives has left us more vulnerable to potentially devastating online attacks, the head of the cyber security agency warned.

National Cyber Security Centre (NCSC) chief Richard Horne said the threat was “getting broader and in some parts deeper”, with online criminals and state-backed hackers from countries such as Russia and China looking to exploit vulnerabilities.

He said since taking on the role at the NCSC in October, he was both more concerned because of the “stark truth about the risk” but also more reassured because of the strength of the UK’s cyber defence community.

The head of the NCSC, part of the GCHQ intelligence agency, told the PA news agency: “We’re seeing the threat getting broader and in some parts, deeper.

“So where it’s getting broader is we’re seeing more and more cyber criminals able to have quite devastating effects on organisations and customers of those organisations, or people who rely on those services.”

And “in some cases, it is going deeper” with more sophisticated attacks being carried out around the world, he added.

“That tends to be more in the theatre of war, as it were, but there’s always the possibility of that sort of those really sophisticated attacks spilling over, which we’ve seen in the past.”

In Russia, Vladimir Putin’s government and state-aligned hackers have sought to target countries including Ukraine to support the war there – but also Nato members including the UK.

Mr Horne said: “In some ways, the breadth of threat is really criminals, and those criminals might be in Russia, and they might be kind of state-aligned rather than state-directed.

“But the breadth of threats that most organisations in the UK need to think about is criminal threat, and especially ransomware, because of the devastation it can cause.”

Hackers from China have been blamed for hacking the Electoral Commission’s database and targeting MPs’ emails.

Mr Horne told PA: “China are a very capable cyber actor and they’re certainly establishing their position in the world.

“And for us it comes back to: where are we exposed, where are we vulnerable, how are we managing our risk?

“As geopolitics unfolds and different actors assert their position more, we need to be ready to assert our position, and part of that is defence.”

The last government took action to remove Chinese firm Huawei from the UK’s 5G mobile network because of security concerns.

But with the proliferation of Chinese technology across all aspects of life, Mr Horne insisted the country that technology originated from was not the main factor in determining risk.

He said: “I think in some ways, one of my colleagues had a great expression, ‘the flag is not a great indicator of risk’.

“It’s more a case of ‘what is that technology taking out and what information is leaving’ and it’s not necessarily going to one place or another and it doesn’t really matter, from the perspective of defence, where it’s going because attackers can misuse it.

“It’s more a case of more and more technology is impeding on our lives, we are depending on it more, and as a result, data is leaving us to go elsewhere, and that’s very much part of the risk we need to understand.”

The NCSC’s annual review showed a threefold increase in the most serious cyber incidents affecting the UK in 2023-24, but Mr Horne warned the danger is still being “widely underestimated” by both public and private sector organisations and individuals.

Asked whether it was the Government, companies or individuals failing to understand the risk, Mr Horne said: “I think it’s everyone … The extent to which technology is taking our information and moving it elsewhere, the extent to which organisations rely on their supply chains, and those supply chains have all sorts of risks that they haven’t considered.

“The extent to which organisations apply basic security controls consistently everywhere and not just at the core – they all kind of add up to not properly understanding the extent of exposure and the extent of vulnerability.

“And at the same time, the threat is getting broader. So add all of that together and it’s a growing risk.”

Mr Horne joined NCSC from professional services giant PwC in October. Asked whether he was more concerned or more reassured as a result of his time at the cyber defence agency, he said: “I think you’re more concerned because you do see the stark truth about the risk, but more reassured because there is so much happening.”

The NCSC was part of a cyber defence community “and I think if there’s one thing we have in this country that is probably better than anywhere else, it’s the way we can pull together as that community across all parts of society and protect ourselves together”.

In a speech launching the agency’s annual review at its headquarters in London, Mr Horne said the UK relied on online infrastructure “to keep the lights on and the water running, to improve our public services, to keep businesses running, and to drive our growth and prosperity”.

“But those critical systems and services make attractive targets for hostile states and malicious actors in cyberspace.

“They are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction.”

By Press Association

More Technology News

See more More Technology News

A child’s hand pressing a key of a laptop keyboard

Charity ‘appalled’ at reports online safety laws could be cut for US trade deal

School children during a Year 5 class at a primary school

Education Secretary: More men needed in classrooms to be positive role models

Games controller

Cult classic Shenmue named most influential game of all time in Bafta poll

Alliance MP Sorcha Eastwood (PA)

Parents crying out for online regulation, MP Eastwood says

TikTok is set to be banned in the United States later this week unless a buyer emerges.

Amazon makes last-minute bid to buy TikTok as deadline looms

Nintendo Switch 2

Everything you need to know about the Nintendo Switch 2

The Nintendo Switch 2 will release on June 5, 2025

Nintendo Switch 2: Exciting reveal, but why is it more expensive here?

A Nintendo Switch 2

Nintendo confirms Switch 2 will launch on June 5

Tesla dealership damage

Tesla sales tumble to weakest since 2022 amid Musk backlash

The Nintendo Switch 2

Nintendo reveals release date for long-awaited Switch 2 console

Roblox has introduced a slew of new safety features.

Gaming platform Roblox adds slew of safety fixtures for parents to monitor their children’s accounts

Meta's decision to change its content policies was heavily criticised by online safety experts (PA)

Majority oppose Meta’s rollback of safety rules, charity says

A child's hands pressing laptop keys

Regulation and technology can help combat spread of online misogyny, expert says

Raspberry Pi 4 micro computer

Raspberry Pi profits tumble after supply shortages

An RNLI lifeboat brings a group of people thought to be migrants into Dover

UK to work with allies and social media to tackle people smuggling adverts

A child using an Apple iPhone smartphone

School curriculum resources to teach children about risks of in-game purchases