There has been a significant increase in malicious cyber activity since the start of the pandemic. From domestic attacks on our government institutions, media outlets and political parties, to the vicious assaults on Ukrainian websites by suspected Russian hackers. It is clear that cyber criminals are highly active and increasingly opportunistic. This worrying trend convinces me that the government’s ongoing work on strengthening our national cyber capabilities is more important than ever.
Cyber criminals often operate with impunity in states that turn a blind eye to these crimes. There is a distinct pattern showing various cyber actors operating from Russia, as in the case of the NotPetya attack in 2017 and cyberattacks against Georgia in 2019. Let’s make it clear—the UK government will do everything in its power to protect our national infrastructure, citizens, and businesses against any potential foreign interference.
However, cyber crime is ubiquitous and anyone could be a target. In fact, the most chronic cyber threats the UK faces are unsophisticated, pervasive cyber crimes, such as the hacking of emails or social media accounts. These can often seem like minor inconveniences, but hackers can take copies of your documents, steal your personal data or your credit card details. These could lead to other offences, like fraud or blackmail. As more of our lives go online, the more important it is to ensure we have protections in place.
The UK is one of the first countries in the world to include data on cyber offences in our crime statistics. In the year ending September 2021, there were an estimated 1.9m incidents of cyber crime experienced by adults in England and Wales. This accounts for around 15 per cent of estimated crime.
The government takes cyber crime very seriously. In December 2021, we launched the National Cyber Strategy which commits £2.6bn of new investment in cyber security and resilience over the next three years, reducing the risk and opportunity for cyber criminals to target individuals and businesses.
My department, the Home Office, coordinates the strategic work to combat the threat of cyber crime. This aims to detect, disrupt, and deter the malign use of technology by our adversaries more effectively in the future.
The government continues to invest in the National Crime Agency’s (NCA) National Cyber Crime Unit (NCCU) to improve its capabilities to investigate the most serious cybercrime. In 2019, we launched specialist Cyber Crime Units in every local police force in England and Wales so that they can provide an effective investigative response, support to victims, and targeted cyber crime prevention messaging, when needed.
But this is not just about what government is doing: we can all play our part. If you are a business owner, think about developing your cyber security skills in order to reassure customers and partners that your IT systems are resilient against cyberattacks.
If you have not already, I encourage you to familiarise yourself with Cyber Essentials. This is a government-backed certification scheme that helps organisations, big or small, to protect themselves against the most common cyber threats. This is the minimum acceptable standard that UK organisations need to meet to be cyber secure.
The National Cyber Security Centre (NCSC) also provides a range of free practical resources on their website that can be helpful for your staff, for example how to recognise phishing emails. If you want more tailored assistance on how to build your cyber resilience, do not hesitate to contact your regional cyber resilience centre.
As an individual, it is hugely important to make sure that your online accounts are secure. Our flagship “Cyber Aware” campaign aims at improving the cyber hygiene of the general public through simple steps such as creating passwords using three random words or setting up two-factor authentication.
Unfortunately, it is estimated that less than 4 per cent of cyber crime experienced by individuals is currently reported to the police, so we do not know the full impact of these criminal activities. By reporting it, we can reduce the power that attackers have and increase the data that we have to tackle this threat. If you are personally affected by cybercrime, please consider reporting via Action Fraud’s website. If you are a business or organisation, contact Action Fraud and the NCSC.
I cannot emphasise enough how valuable the intelligence coming from reporting is for building our UK national cyber resilience system, especially at a time of such international tension. But, importantly, you will also benefit from professional advice on how to recover from a cyber attack, or how to avoid paying ransoms if you have experienced cyber extortion.
If you are the victim of a ransomware attack, I strongly advise against paying the criminals. Ransom payments encourage further criminal activity and do not protect your networks from future attacks.
I remain cautiously optimistic that with the coordinated work of the government, law enforcement, the private sector, and our trusted international partners we will crack down on ruthless cybercriminal gangs for good. But in the fight against cyber crime we all need to stay vigilant and innovative as the threat landscape is changing very quickly.
