NCSC warns of rising cyber threats to UK from Russia
The National Cyber Security Centre (NCSC) has issued a warning of heightened security risk to the UK's critical national infrastructure, with rising threats from Russian state-aligned actors. Pro-Russia hacktivists have been targeting small-scale industrial control systems in the UK, Europe, and North America. The NCSC predicts more attacks on these sectors in the coming months.
These threats, according to the NCSC, have been largely technically unsophisticated, predominantly causing physical disruption to operations through DDoS attacks and website defacements. Meanwhile, US agencies have reported physical disruption to operations caused by these security breaches.
Against this backdrop, David Manfield, Associate Director for Cyber Security at Investigo, part of The IN Group, shared his views on the situation. He stated, "During periods of heightened cyber threat, organisations must re-evaluate their cyber defences, from technology to people, to ensure they can stay robust in the face of an attack." He highlighted the talent deficit in cybersecurity, referencing a survey that showed cyber staff being the "top talent pain point for over a third of organisations". This presents a stark gap in cyber readiness, making the hunt for cyber professionals essential as we move into an era of AI-enabled cyber threats.
It has been found that state-aligned groups, often supporting the Russian invasion of Ukraine, have been the source of these threats in the past 18 months. In response, the NCSC has advised all operational technology owners and operators to follow recommended mitigation strategies to strengthen their cyber defences. "We expect these groups to look for opportunities to create such an impact, especially if systems are poorly protected," the NCSC warned.
Achi Lewis, the Area VP EMEA for Absolute Security, has highlighted the importance of cyber resilience. He said, "Cyber resilience should be the top priority for the NCSC, government, and businesses, underpinning comprehensive cyber defence measures to combine reactive, preventative and recovery procedures." He also pointed to the inevitability of cyber attacks, stressing the importance of ensuring that endpoint devices, in particular, are strongly protected against threats to best insulate against the implications of breaches.
Lewis flagged the failure of essential security tools in many devices, citing findings from Absolute Security's Cyber Resilience Index that showed that, 24% of the time, Endpoint Protection Platforms and network access security applications on managed PCs fail to operate effectively. This failure opens up high-risk security gaps and leaves the devices susceptible to breaches, which could make them an easy entry point for malicious attackers.
Oseloka Obiora, CTO at RiverSafe, expressed concern over the detrimental effects an attack on critical national infrastructure could have on public services. He stated, "Security teams need comprehensive network visibility to enable them to both detect and address vulnerabilities before significant damage is caused." He further emphasised that in dispersed environments, observability should be fundamental to monitor the condition of networks, infrastructure and applications based on data outputs, ensuring issues are promptly identified and resolved.