Nation states including Russia and North Korea have been behind attacks which affected the UK and other countries this year, while organised crime groups have also continued to harm the economy.
Reporting on the cyber threat to business, the NCSC and the National Crime Agency highlighted how successful law enforcement and industry collaboration underpinned the UK’s response to cyber attacks.
“Despite these very real threats to the nation’s security, I am confident in the UK’s ability to combat the attacks that we face every day,” said the NCSC’s chief executive, Ciaran Martin.
“The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk, and reducing their return on investment.”
Launched on Tuesday at the start of the CyberUK summit in Manchester, the threat report has been published in collaboration with industry partners – with whom the NCSC and the NCA regularly collaborate.
The report stresses that the private and public sectors need to work together to handle cyber crime, and most experts in the cyber security arena have applauded the NCSC’s public engagement work with both citizens and businesses since it was founded in October 2016.
Donald Toon, the director of the NCA’s Prosperity Command, warned: “Organisations which don’t take cyber security extremely seriously in the next year are risking serious financial and reputational consequences.
“By increasing collaboration between law enforcement, government and industry we will make sure the UK is a safe place to do business and hostile zone for cyber criminals.”
The report runs through a number of case studies, among them the WannaCry ransomware attack, in which malware designed by North Korean hackers hit the NHS, leading to the cancellation of almost 7,000 appointments.
The report also detailed data breaches affecting Yahoo, Equifax, and Uber – as well as an unnamed telecommunications company – the largest of which were likely carried out by groups assessed to have links to state actors.
Businesses are also warned about business email compromise, a form of phishing attack where a cyber criminal impersonates a senior executive and attempts to coerce the victim into sending funds or information to the attacker.
According to the report, Dublin Zoo was hit by such a scam last year after attackers intercepted legitimate supplier invoices and manipulated data on the documents to change payment details and account numbers.
Dublin Zoo lost nearly £420,000 to the scam.
The report also highlighted fake news and information operations, noting that laws regarding platform liability mean that social media platforms do not share the liability for defamatory comments made by their users.
This can present “opportunities for those looking to cause reputational damage to a business” according to the NCSC.
The agency added it “helped to combat cyber attacks on the UK electoral system by providing advice and guidance to local government and political parties, but does not have a role in policing content on the internet.
“In January, the UK government announced plans to set up a National Security Communications Unit, under the Cabinet Office, to counter disinformation by state actors and others.”
At the time of that announcement, onlookers expressed concern that the “fake news unit” would be used to address matters of legitimate political contention, on which the civil service should remain neutral.