UK government’s ransomware failings leave country ‘exposed and unprepared’

Jason Macuray
The British government has been accused by a parliamentary committee of taking the “ostrich strategy” by burying its head in the sand over the “large and imminent” national cyber threat posed by ransomware.

The British government has been accused by a parliamentary committee of taking the “ostrich strategy” by burying its head in the sand over the “large and imminent” national cyber threat posed by ransomware.

The criticism follows the government publishing on Monday its formal response to a report from the Joint Committee on the National Security Strategy (JCNSS) that warned the government’s failures meant there was a “high risk” the country faces a “catastrophic ransomware attack at any moment.”

The JCNSS report made a range of recommendations in December and was particularly critical of the former Home Secretary Suella Braverman, who it said “showed no interest in the topic” despite her department claiming to be the government lead on the issue.

In Monday’s formal response, the government rejected key recommendations in the JCNSS report — including that the Home Office be stripped of its responsibility to tackle ransomware — and argued that its existing regulations and the current National Cyber Strategy were sufficient.

On Monday, Dame Margaret Beckett MP, the committee chair, said it was not surprising that the government wasn’t focusing on preparing “for the acknowledged, extremely high risk of a destructive and ruinously costly cyber-attack on the UK,” noting that a similar risk assessment had been made for a pandemic, despite which “our national response … could fairly be categorised as shambolic.”

Beckett said the government’s response to the JCNSS report made it “ever clearer that Government does not know the extent or costs of cyberattacks across the country – though we’re the third most cyber-attacked country in the world – nor does it have any intention of commensurately upping the stakes or resources in response.”

As previously reported by Recorded Future News, ransomware attacks are reaching record levels in the United Kingdom, with almost as many in the first six months of last year as there were in the whole of the year prior — with central and local government reporting more attacks in that period than they ever had before.

On Monday, the committee expressed its “ongoing, deep concerns” that the government’s “short-termism and lack of preparation and planning” was risking “a severely damaging ransomware attack – with consequences that vary from ongoing damage to the economy and productivity to the real possibility of a national emergency.”

Beckett asked: “If the Government insists on operating the ostrich strategy for national cybersecurity — based on legislation made before the internet arrived, centered on a Department that seems to have difficulty mustering much interest in the issue, and in stark contrast to the cyber-attackers who are so fantastically well co-ordinated and resourced — where is the pro-active national security response to protect the UK supposed to come from?

“The UK is and will remain exposed and unprepared if it continues this approach to tackling ransomware. This response from the Government is not the assurance the Committee sought or that the country needs, and all the responsible and coordinating Departments would benefit from going away and reconsidering how the UK is to defend against this most pernicious threat.”

GovernmentCybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Paysign investigating reports of consumer information data breach

Next Post

Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan?

Related Posts

The most significant number from Samsung’s Galaxy S24 announcement

My goodness, there's a lot to be said about Samsung's newly announced Galaxy S24 family of flagship Android devices.Aaaaand, spoiler alert: We won't be saying most of those things here, in this column, today.Now, don't get me wrong: Samsung's latest and greatest Galaxy models have tons of good stuff going for 'em. From the eye-catching hardware to the specs to end all specs, Samsung rarely holds back with its top-of-the-line Android offerings. And this year's devices appear to be no exception.To read this article in full, please click here
Avatar
Read More

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886. The Google Cloud
Avatar
Read More