UK government’s ransomware failings leave country ‘exposed and unprepared’

Jason Macuray
The British government has been accused by a parliamentary committee of taking the “ostrich strategy” by burying its head in the sand over the “large and imminent” national cyber threat posed by ransomware.

The British government has been accused by a parliamentary committee of taking the “ostrich strategy” by burying its head in the sand over the “large and imminent” national cyber threat posed by ransomware.

The criticism follows the government publishing on Monday its formal response to a report from the Joint Committee on the National Security Strategy (JCNSS) that warned the government’s failures meant there was a “high risk” the country faces a “catastrophic ransomware attack at any moment.”

The JCNSS report made a range of recommendations in December and was particularly critical of the former Home Secretary Suella Braverman, who it said “showed no interest in the topic” despite her department claiming to be the government lead on the issue.

In Monday’s formal response, the government rejected key recommendations in the JCNSS report — including that the Home Office be stripped of its responsibility to tackle ransomware — and argued that its existing regulations and the current National Cyber Strategy were sufficient.

On Monday, Dame Margaret Beckett MP, the committee chair, said it was not surprising that the government wasn’t focusing on preparing “for the acknowledged, extremely high risk of a destructive and ruinously costly cyber-attack on the UK,” noting that a similar risk assessment had been made for a pandemic, despite which “our national response … could fairly be categorised as shambolic.”

Beckett said the government’s response to the JCNSS report made it “ever clearer that Government does not know the extent or costs of cyberattacks across the country – though we’re the third most cyber-attacked country in the world – nor does it have any intention of commensurately upping the stakes or resources in response.”

As previously reported by Recorded Future News, ransomware attacks are reaching record levels in the United Kingdom, with almost as many in the first six months of last year as there were in the whole of the year prior — with central and local government reporting more attacks in that period than they ever had before.

On Monday, the committee expressed its “ongoing, deep concerns” that the government’s “short-termism and lack of preparation and planning” was risking “a severely damaging ransomware attack – with consequences that vary from ongoing damage to the economy and productivity to the real possibility of a national emergency.”

Beckett asked: “If the Government insists on operating the ostrich strategy for national cybersecurity — based on legislation made before the internet arrived, centered on a Department that seems to have difficulty mustering much interest in the issue, and in stark contrast to the cyber-attackers who are so fantastically well co-ordinated and resourced — where is the pro-active national security response to protect the UK supposed to come from?

“The UK is and will remain exposed and unprepared if it continues this approach to tackling ransomware. This response from the Government is not the assurance the Committee sought or that the country needs, and all the responsible and coordinating Departments would benefit from going away and reconsidering how the UK is to defend against this most pernicious threat.”

GovernmentCybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Paysign investigating reports of consumer information data breach

Next Post

British authorities have never detected a breach of ransomware sanctions — but is that good or bad news?

Related Posts

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel attack that can infer eye-related biometrics from the avatar image to
Avatar
Read More