Russia, led by Vladimir Putin, is one of the nations behind a growing threat (Image: Getty)
The UK should be “extremely worried” about the growing threat of attacks by criminals and hostile foreign states on our computer systems, according to the nation’s head of security. Britain’s enemies have become “more aggressive”, said Vincent Devine, the Government’s chief security officer. He said: “We are also now worried about the risk of disruption of essential services.”
Mr Devine, a senior official in the Cabinet Office, endorsed the findings of a National Audit Office (NAO) report that found countries including , China and Iran are using “increasingly sophisticated methods to carry out malicious cyber activity”. Speaking to a committee of MPs, Mr Devine said: “We should be extremely worried. The National Audit Office sets that out very well. Over the last three years, the threat has grown and evolved. Our adversaries, both hostile states and criminals, have developed capability more rapidly than we expected.
Don’t miss…
“Their risk appetite has changed, particularly from hostile states. They have been more aggressive, more careless in their attacks.
“And the nature of the treat has been evolving. We have been principally concerned in the past about the loss of government information, classic espionage, or about cybercrime. We are also now worried about the risk of disruption of essential services.”
The NAO report said a lack of skilled staff was holding back efforts to protect the UK, with one in three cybersecurity roles in central government either vacant or filled by temporary staff last year. In some departments, half the roles were vacant.
Between September 2023 and August 2024, 89 cyberattacks were classed as “nationally significant”. Many of the most serious attacks targeted central and local government, health services and the police.
An attack last year on a supplier of pathology services to the NHS in south-east London led to two NHS foundation trusts postponing 10,152 acute outpatient appointments and 1,710 elective procedures.
The British Library took more than a year to recover after a ransomware attack in October 2023. Criminals stole encrypted data so it could not be accessed and demanded £600,000 for its return.
After the library refused, criminals released around 600GB of stolen data online.
However, many of the computer systems in government departments are old “legacy” systems and “the Government does not know how vulnerable these are to cyberattack”, said the NAO.
Don’t miss…
Meanwhile, efforts to recruit cybersecurity experts have stalled.
The report warned: “The Government finds it difficult to recruit and retain enough people with cyber skills and to upskill its existing workforce. For more than a decade, skilled cybersecurity professionals have been in short supply and high demand nationally and globally.”
It said the Government had tried to recruit more, but efforts had only been partially successful.
“Departments reported that the salaries they can pay and civil service recruitment processes are barriers to hiring and keeping people with cyber skills,” said the report.