With growing geopolitical tensions across the world, the digital realm of UK Plc is under continued threat from cyber criminals, bad actors, and nation states themselves. In recent months the Director of the Government Communications Headquarters (GCHQ) has said “that the Chinese state poses a genuine and increasing cyber risk for the UK”[1] and the Director General of MI5 has stated that “Russia's intelligence agency has been on a mission to generate sustained mayhem on British and European streets”[2].
Recognising the authority GCHQ and MI5 hold in the space, there is increased targeting of certain organisations with specific threats that require action which we address later.
However, for the majority of businesses our message is to not panic and continue to focus on good cyber security hygiene. Hygiene is the organisational, i.e. staff being aware of how to spot common threats, and technical, i.e. access to systems and data, controls that mitigate most cyber attacks and reduce the impact of them if they do occur. The National Cyber Security Centre (NCSC) has practical guidance in 10 steps to cyber security[3], or 5 steps[4] if you’re a very small organisation.
Returning to the warnings from GCHQ and MI5. Again, our message is not to panic. However, if you’re an organisation involved in critical national infrastructure, i.e. water and power or healthcare and food production, you should be assessing what these warnings mean for you.
It’s likely that you have internal expertise looking at this, but our guidance is alongside focusing on cyber security hygiene to also consider how to protect your operational technology (OT) environments that underpin the services you provide. Again the NCSC has a range of resources to help you make sense of cyber security in OT environments[5].
If you want to discuss how to best protect yourself with the resources you have, implementing available guidance, or anything else regarding cyber security then please get in touch.
[1] GCHQ and NCSC heads warn of increasing cyber risk from China - GCHQ.GOV.UK
[2] Director General Ken McCallum gives latest threat update | MI5 - The Security Service
[3] 10 Steps to Cyber Security - NCSC.GOV.UK