The National Cyber Security Centre’s (NCSC’s) eighth annual review was published at the end of last year, detailing the major cyber security threats and trends facing the UK and predicting the challenges that lie ahead. The 2024 cyber threat landscape is described as both diffuse and dangerous.
It was found that cyber incidents are becoming increasingly frequent and their impact increasingly severe, with ransomware identified as being the most pervasive cyber threat to organisations.
The use of artificial intelligence (AI) in attacks is also growing, driving up their volume and heightening their impact.
In the 2023/2024 year, the NCSC handled 430 incidents (up from the 371 seen the year before). The main sectors reporting ransomware activity were legal, IT, manufacturing, academia, construction, and charities.
Commenting ahead of the review publication, new CEO of the NCSC Richard Horne said: “What has struck me more forcefully than anything else since taking the helm at the NCSC is the clearly widening gap between the exposure and threat we face, and the defences that are in place to protect us.
“And what is equally clear to me is that we all need to increase the pace we are working at to keep ahead of our adversaries.
“The NCSC, as the National Technical Authority, has been publishing advice, guidance, and frameworks since our inception, in a bid to drive up the cyber security of the UK. The reality is that advice, that guidance, those frameworks need to be put into practice much more across the board.
“We need all organisations, public and private, to see cyber security as both an essential foundation for their operations and a driver for growth. To view cyber security not just as a ‘necessary evil’ or compliance function, but as a business investment, a catalyst for innovation and an integral part of achieving their purpose.”
How cyber security delivers cyber resilience
Aside from ransomware, other cyber-attacks to be on your guard against include malware, phishing, spoofing, code injections, social engineering, denial of service, tunnelling and – increasingly – both Internet of Things and AI-powered incidents.
The risks to businesses across all industries and sectors are very real and the consequences can be catastrophic.
This means that organisations must make sure they invest in innovative cyber security strategies to prevent attacks and ensure that they can recover quickly if the worst does happen, building resilience into systems, processes, and procedures to mitigate the effects.
Being more cyber resilient means that you’ll be better able to withstand and recover from a wide range of different attacks, identifying ways in which you can minimise the impact so that your business can continue to operate no matter what.
Your cyber security strategy should include:
– Preventative and detective measures
– Corrective controls
– General disaster recovery and continuity plans
– How you intend to continue operating in the event of an attack
– The strategies you’ll use to recover your data and systems
– Risk management processes where you identify, assess and mitigate incidents.
Also make sure that you focus on supply chain security when putting these strategies together, so you know that your suppliers and third-party vendors are also secure and won’t put your systems at risk.
And, finally, you also need to carry out awareness campaigns within the office environment itself so that your employees, from top to bottom, know what their responsibilities are, know what to look out for and know what to be on their guard against.
By embracing the concepts of both cyber security and cyber resilience, you’ll naturally find that other aspects of your business improve at the same time.
You’ll develop a deeper understanding of your organisation, identifying what’s most critical to your operations and what your inherent strengths and weaknesses are, enabling you to deliver wholesale organisational change – and to evolve over time in line with future developments, both internally and externally.
New government guidance
Just today (April 8th), the government has published new guidance to help directors and company boards shore up cyber defences to further protect organisations from the growing prevalence of online threats.
The new Code of Practice details how daily operations can be protected, including having a cyber strategy in place to ensure that risk management supports resilience and growth effectively, as well as promoting a cyber secure culture within your organisation and implementing incident response plans.
Figures show that 74 percent of large businesses and 70 percent of medium-sized companies have experienced breaches and attacks in the last 12 months, with these threats costing the UK economy nearly £22 billion annually between 2015 and 2019 and having significant impacts on company operations and reputations.
Despite this, one-third of large businesses still don’t have a formal cyber strategy in place, while almost 50 percent of medium-sized companies don’t have an incident response plan backing them up.
ISO certification
One of the best ways to enhance your credibility, improve operational efficiencies and risk management procedures, increase customer confidence, and demonstrate your commitment to business continuity and continual improvement is to consider ISO certification.
There are two ISO standards that lend themselves neatly to addressing cyber-crime: ISO 27001 for information security (the prevention standard), and ISO 22301 for business continuity (the impact minimisation standard).
ISO 27001 supports businesses in ensuring that their security systems are robust and up to date to prevent data breaches, with certification guiding you on how to set up, implement, maintain, and continually improve information security management systems.
ISO 22301:2019 provides your business with a framework for minimising the impact of unexpected events, everything from cyber-attacks and natural disasters to pandemics and supply chain disruption.
If you would like to find out more about these standards, or, indeed, any of the others we have available here at ISO-Cert Online, contact the team today.