Download PDF version Contact company

The National Cyber Security Centre (NCSC) has issued a warning of heightened cyber threat to UK critical national infrastructure due to the risk posed by Russia state-aligned actors.

Pro-Russia ‘hacktivists’ have been targeting vulnerable small-scale industrial control systems in the UK, Europe and North America with more attacks expected over the coming months to target critical national infrastructure.

AI-enabled cyber threats

The NCSC outlined that the threats have largely been technically unsophisticated although US agencies have reported physical disruption to operations. The majority of activity so far has been DDoS attacks and website defacements.

The majority of activity so far has been DDoS attacks and website defacements

David Manfield, Associate Director for Cyber Security at Investigo, part of The IN Group, comments: “During periods of heightened cyber threat organisations must re-evaluate their cyber defences, from technology to people, to ensure they can remain robust in the face of an attack. Alarmingly, cyber staff is the top talent pain point for over a third of organisations, according to our Tech and the Boardroom survey, highlighting a stark gap in cyber readiness. Especially in the era of AI-enabled cyber threats, organisations should prioritise building a more diverse pipeline of tech talent, actively recruiting staff with specialist cyber skills that can lead and implement policies and technology adoption to bolster defences.”

Russian invasion of Ukraine

Ideologically driven state-aligned groups, often sympathetic to the Russian invasion of Ukraine, have been behind a series of threats over the past 18 months.

NCSC has urged all active technology owners and operators to follow the urged relief

In response, the NCSC has urged all operational technology owners and operators to follow recommended mitigation advice to bolster cyber defences. With a focus on critical national infrastructure, the NCSC said: “We expect these groups to look for opportunities to create such an impact, particularly if systems are poorly protected.”

Network access security applications

Achi Lewis, Area VP EMEA for Absolute Security, commented: “Cyber resilience should be the top priority for the NCSC, government and businesses, underpinning comprehensive cyber defence measures to combine reactive, preventative and recovery procedures. With cyber-attacks being a case of when, not if, particularly when it comes to critical national infrastructure, it is vital that organisations ensure their endpoint devices are best protected against threats to best mitigate the threat and impact of a breach.”

For many devices, essential security tools are failing, as shown in our Cyber Resilience Index. When not supported by remediation capabilities, Endpoint Protection Platforms and network access security applications on managed PCs fail to operate effectively 24 percent of the time, opening high-risk security gaps and making them vulnerable to breaches. While central networks appear a desirable entry point for malicious attackers, endpoints can be an easy route into an organisation’s systems if they’re behind patching and lack the necessary security controls.”

Impact of cyber threats

Oseloka Obiora, CTO, RiverSafe said: “Any attack against critical national infrastructure could have a catastrophic impact on public services, requiring sturdy cyber defence measures. In order to effectively mitigate the impact of cyber threats, security teams need comprehensive network visibility to enable them to both detect and address vulnerabilities before significant damage is caused.” 

Specifically in dispersed environments, observability should be at the core, monitoring the condition of networks, infrastructure and applications based on data outputs to ensure issues can be identified and resolved swiftly. Effective network visibility through observability could be the difference between hours and days’ worth of downtime should a successful attack occur.”

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?