14 March 2017
The annual assessment of the biggest cyber threats to UK businesses has been published today, after being produced jointly for the first time by the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and industry partners from multiple sectors.
The pdf assessment (3.08 MB) - the most detailed of its kind to date - emphasises the need for increased collaboration between industry, government and law enforcement in the face of a growing and fast-changing threat.
The report discusses the trend of criminals imitating the way suspected nation state actors attack organisations such as financial institutions, and the risk posed by the ever-increasing number of connected devices, many of which are not always made secure by manufacturers or users.
It also highlights increased levels of aggressive and confrontational cyber crime, particularly through Distributed Denial of Service (DDoS) attacks combined with extortion, and ransomware, which encrypts victim computers and demands a ransom in return for restoring control to the user.
Particularly through the contribution of the private sectors companies forming the Strategic Cyber Industry Group, the report notes the cyber security challenges faced by businesses, and urges them to report all cyber crime to ensure the UK has an accurate intelligence picture.
The assessment additionally highlights the resources available to companies of all sizes, particularly the large firms which often present the most attractive targets for attackers.
The report will be presented at the NCSC's Cyber UK Conference in Liverpool, today (14 March).
Donald Toon, Director for economic and cyber crime at the National Crime Agency, said:
"We have worked with the NCSC and valued private sector partners to produce this assessment, setting out an up to date picture of threats to business including ransomware, DDoS and evolving financial trojans. These threats demonstrate the need for a collaborative response across industry, law enforcement and government, with the ultimate aim of protecting customers and the UK economy.
"Businesses reporting cyber crime is essential if we are to fully understand the threat, and take the most effective action against it. And while 100% protection doesn't exist, making cyber security an organisational priority and ensuring up to date processes and technology can protect against the vast majority of attacks.
"The NCA and its partners continue to have significant success against cyber crime, through identifying and arresting criminals at home and abroad, working to deter young people from becoming involved in criminality, and disrupting the ways in which criminals make and launder their money."
Ciaran Martin, CEO of the National Cyber Security Centre, said:
"The National Cyber Security Centre exists to benefit the whole country, so we are delighted to be here in Liverpool - the UK's first 'Smart City' - to share knowledge and expertise with many of our essential partners.
"As the national technical authority for cyber security in the UK, the NCSC agenda is unashamedly ambitious; we want to be a world leader in cyber security.
"Cyber attacks will continue to evolve, which is why the country must work together at pace to deliver hard outcomes and ground-breaking innovation to reduce the cyber threat to critical services and deter would-be attackers.
"No single organisation can defend against the threat on its own and it is vital that we work together to understand the challenges we face. We can only properly protect UK cyberspace by working with others with the rest of government, with law enforcement, the Armed Forces, our international allies and, crucially, with business and wider society."
Don Smith, technology director, SecureWorks and Strategic Cyber Industry Group representative, said:
"The development of technology throughout history has given smart criminals new ways to get what they want: email spawned the development of phishing and spam; online banking led to the creation of viruses that target bank accounts; and the Internet of Things will doubtless bring opportunities for new methods of attack. Many businesses face understandable difficulty in reporting cybercrime incidents, but knowing that revealing such information might prevent further harm to their business is essential. This assessment proves that collaboration is key to protecting our assets and targeting cyber criminals."