Record number of cyberattacks in UK during pandemic
The National Cyber Security Centre (NCSC) has defended more than 700 cyberattacks in the past year, up from an annual average of 602, including 200 related to Covid-19.
In its fourth annual review, the agency, part of GCHQ, also noted an increasing threat from ransomware.
The NCSC’s support during the pandemic included scanning more than a million NHS IP addresses (which detected 51,000 indicators of compromise) and raising awareness of vaccine research targeting. It also received 2.3 million reports from the public about suspicious emails, resulting in thousands of websites being taken down.
‘Our expertise has delivered’
Lindy Cameron, chief executive of the NCSC, said, “This review outlines the breadth of remarkable work delivered by the NCSC in the past year, largely against a backdrop of the shared global crisis of coronavirus.
“From handling hundreds of incidents to protecting our democratic institutions and keeping people safe while working remotely, our expertise has delivered across multiple frontiers.
“This has all been achieved with the fantastic support of government, businesses and citizens and I would urge them to continue contributing to our collective cyber security.”
‘High levels of malicious state activity’
Jeremy Fleming, director of GCHQ, said, “The world changed in 2020 and so did the balance of threats we are seeing.
“As this review shows, the expertise of the NCSC, as part of GCHQ, has been invaluable in keeping the country safe: enabling us to defend our democracy, counter high levels of malicious state and criminal activity, and protect against those who have tried to exploit the pandemic.
“The years ahead are likely to be just as challenging, but I am confident that in the NCSC we have developed the capabilities, relationships and approaches to keep the UK at the forefront of global cyber security.”
‘Vectors for espionage’
MP Penny Mordaunt, the paymaster general, said, “The COVID-19 pandemic continues to affect how we live and work. In a year of complex challenges, the NCSC has continued to react to swiftly-evolving cyber threats.
“This Review shows how the NCSC has taken decisive action against malicious actors in the UK and abroad who saw our digital lifelines as vectors for espionage, fraud and ransom attacks.
“It is vital that cyber security remains a priority for government, industry and the public in building UK resilience to a spectrum of risks.”
IT Employees Predict 90% Increase in Cloud Security Spending
As companies get back on their feet post-pandemic, they’re going all-in on cloud applications. In a recent report by Devo Technology titled “Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits”, 81% of the 500 IT and security team members surveyed said that COVID accelerated their cloud timelines. More than half of the top-performing businesses reported gains in visibility. In fact, the cloud now outnumbers on-premise solutions at a 3:1 ratio.
But the benefits are accompanied by significant cybersecurity risks, as cloud infrastructure is more complex than legacy systems. Let’s dive in.
Why Are Cloud Platforms Taking Over?
According to Forrester, the public cloud infrastructure market could grow 28% over the next year, up to US$113.1bn. Companies shifting to remote work and decentralised workplaces find it easy to store and access information, especially as networks start to share more and more supply chain and enterprise information—think risk mitigation platforms and ESG ratings.
Here’s the catch: when you shift to the cloud, you choose a more complex system, which often requires cloud-native platforms for network security. In other words, you can’t stop halfway. ‘Only cloud-native platforms can keep up with [the cloud’s] speed and complexity” and ultimately increase visibility and control’, said Douglas Murray, CEO at cloud security provider Valtix.
Here’s a quick list of the top cloud security companies, as ranked by Software Testing Help:
What are the Security Issues?
Here’s the bad news. According to Accenture, less than 40% of companies have achieved the full value they expected on their cloud investments. All-in greater complexity has forced companies to spend more to hire skilled tech workers, analyse security data, and manage new cybersecurity threats.
The two main issues are (1) a lack of familiarity with cloud systems and (2) challenges with shifting legacy security systems to new platforms. Out of the 500 IT employees from Devo Technology’s cloud report, for example, 80% said they’d sorted 40% more security data, suffered from a lack of cloud security training, and experienced a 60% increase in cybersecurity threats.
How Will Companies React?
They certainly won’t stop investing in cloud platforms. Out of the 500 enterprise-level companies that Devo Technology talked to throughout North America and Western Europe, 90% anticipated a jump in cloud security spending in 2021. They’ll throw money at automating security processes and investing in security upskilling programmes.
After all, company executives will find it incredibly difficult to stick with legacy systems when some cloud-centred companies have found success. Since moving from Security Information and Event Management (SIEM) offerings to the cloud, Accenture has saved up to 70% on its processes; recently, the company announced that it would invest US$3bn to help its clients ‘realise the cloud’s business value, speed, cost, talent, and innovation benefits’.
The company stated: ‘Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator’.