A basic cyber security posture is inadequate and most attacks will only be defeated by organisations prioritising cyber security and working closely with government and law enforcement, according to a report released today by the National Cyber Security Centre (NCSC), which is part of intelligence agency GCHQ. Major incidents in 2017 included ransomware and distributed denial of service attacks, massive data breaches, supply chain compromises, and fake news and information operations

Emerging threats

Launched at the NCSC’s CYBERUK 2018 summit in Manchester, attended by 1,800 cyber security experts, 'The Cyber Threat to UK Business’ report is jointly authored by the NCSC and the National Crime Agency (NCA) in collaboration with industry partners. Detailing the biggest cyber attacks from 2017, the report notes that risks to UK businesses continue to grow, and highlights emerging threats as theft from cloud storage and cryptojacking, in which computers are hijacked to create crypto currencies such as bitcoin.

Danger of under-reporting

Between October 2016 and the end of 2017, the NCSC recorded 34 significant cyber attacks, meaning attacks typically requiring a cross-government response, with WannaCry the most disruptive of these. They also recorded 762 less serious incidents, typically confined to single organisations. 2018 will bring more of these attacks, says Ciaran Martin, chief executive of the NCSC, who advises companies to take steps to deal with the issue: 'The key to better cyber security is understanding the problem and taking practical steps to reduce risk.' The NCSC warns that under-reporting of cyber crime by businesses means crucial evidence and intelligence about cyber threats and offenders is lost. Donald Toon, director of the NCA’s Prosperity Command, said: 'Organisations which don’t take cyber security extremely seriously in the next year are risking serious financial and reputational consequences.'