SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

UK warned cyber security efforts lag behind evolving threats

Today

The ever-evolving threat of ransomware continues to challenge both public and private sector organisations in the United Kingdom and globally, with experts warning that current countermeasures must accelerate in both sophistication and breadth to keep pace with cybercriminal innovation. The concerns are underscored by the latest findings of the UK Parliament's Public Accounts Committee, which warn that the government's existing efforts fall short of ensuring cyber resilience by 2030 unless a radically new approach is adopted.

Hannah Baumgaertner, Head of Research at threat intelligence company Silobreaker, highlights a notable uptick in advanced tactics by ransomware groups. "Ransomware actors are constantly evolving their tactics to bypass modern security controls. A notable trend at present is the use of Bring Your Own Vulnerable Driver (BYOVD) techniques, which allow attackers to evade endpoint detection and response tools," Baumgaertner explains. She points to groups like CrazyHunter, Medusa, and the newly identified DOGE Big Balls—linked with the Fog ransomware strain—as having adopted such methods. In addition to technical methods, attackers continue to exploit legitimate system tools in 'living-off-the-land' attacks, blending malicious activities with regular operations to avoid detection.

Vulnerabilities in unpatched software remain a major attack vector, with Baumgaertner stressing the need for vigilant patch management and staff awareness training to combat phishing—the most common means of initial compromise. She notes that while the manufacturing sector has seen increased targeting, both government and healthcare organisations remain favoured targets due to the high value of their data. "This trend is expected to continue due to the high value of data such organisations store," she adds.

On the regulatory front, the UK government has introduced a three-tier consultation aimed at curbing ransomware's impact. Measures include a targeted ban on ransom payments for public sector organisations, mandatory reporting to the National Crime Agency by entities intending to pay, and a broader incident reporting framework. Chris Taylor, Principal Incident Response Analyst at NormCyber, warns, however, that these proposals fall short of a universal payment ban. "Only sectors such as Critical National Infrastructure are being banned from making payment, so most businesses will still, unfortunately, have the option to pay a ransom. The attackers will follow the money, and the proposal doesn't universally ban payment," Taylor remarks. He emphasises the importance of regular cybersecurity training, robust backup solutions, and clear incident response protocols, highlighting adherence to standards like ISO 27001 as a marker of organisational maturity in risk management.

The larger cyber resilience challenge is starkly highlighted by the Public Accounts Committee's most recent report, which criticises the gap between the growing complexity of threats and the government's response capacity. Chris Dimitriadis, Chief Global Strategy Officer at ISACA, the cyber skills accreditor, observes that "cyber threats are evolving at a breakneck pace. Adversaries are taking advantage of new technologies, such as AI, to make their tactics more effective at disrupting public services and critical national infrastructure." He welcomes the government's introduction of the Software Security Code of Practice for vendors but echoes the report's call for a more fundamental overhaul. Dimitriadis calls for organisations to treat cybersecurity not as a compliance issue but as a core strategic priority, underpinned by board-level accountability and widespread adoption of governance frameworks such as the Cyber Governance Code of Practice.

Dimitriadis also notes the skills deficit affecting both public and private sectors, citing ISACA research that indicates 58% of European IT professionals believe a cyberattack is likely in the coming year. "There must be a greater investment in cyber training and skills development to build technical expertise and their knowledge of different threats as they evolve. We support the recommendations in the Report to fill cyber vacancies within the government's workforce to build a more resilient organisation," he says.

In summary, while both government and industry have recognised the escalation of ransomware and broader cyber threats, the consensus among experts is that a holistic, top-down approach—combining regulation, organisational strategy, technology, and workforce development—is required to meet the scale of the challenge. Without this, incidents affecting critical national infrastructure, public services, and private business are expected to become more frequent and severe.
