In its annual report it found that firms are facing a growing threat from ransomware, data breaches and weaknesses in the supply chain, with emerging threats that include theft from cloud storage.
Are companies putting too much faith in the cloud? The NCSC seems to think so.
The NCSC, part of the government’s surveillance agency GCHQ, published its report to coincide with the opening of a three-day conference in Manchester which is expected to attract 1,800 cybersecurity experts.
According to the report the tempo and volume of cyber incidents continues to accelerate as attackers devise new ways to harm businesses and citizens and the NCSC has warned that a major cyber-attack on UK is a matter of 'when, not if'.
The UK business community is confronted by a cyber threat that’s growing both in scale and in its complexity, and if they don’t take the issue seriously they are likely to suffer serious financial and reputational consequences.
NE recently looked at developments in security and how companies and their supply chains were responding, or not to its growing threat. Our research highlighted the risks companies were taking with security, with many smaller businesses saying that it was a cost they couldn’t afford.
The under-reporting of cybercrime by businesses is another issue. It’s a crucial tool whereby evidence and intelligence about threats and offenders can be collated and the NCSC is urging companies to make full and early reporting of cybercrime a priority.
The vulnerabilities highlighted in the NCSC report include the spread of the “internet of things” where many internet-connected devices sold to consumers lack even basic cybersecurity provisions.
But probably the most interesting finding from the report was the NSCS’ s warning over cloud security.
It’s a tempting target, according to the report, and cyber criminals will certainly be taking advantage of the fact that many businesses put too much faith in their cloud providers and don’t stipulate how and where their data is stored.
The report concludes with a warning that no matter how good a company’s cybersecurity, it is at risk if this is not matched by the management of service providers and software.
As we note in our last issue of NE, cyber attackers will target the most vulnerable part of a supply chain, so be prepared.
