Freely subscribe to our NEWSLETTER

The bottom line is that every organisation can improve their cyber hygiene, reduce risk and turn back bad actors attempting to breach organisations. Also, it’s not unreasonable to assume that identity compromises from phishing attacks often provide hackers with initial access to networks, with unsuspecting employees clicking malicious links in emails. Defenders in the UK can make their organisations so difficult to compromise that adversaries look for other companies to attack. To that end, organisations should consider conducting security awareness training, adopting around-the-clock threat hunting, monitoring for unauthorised changes occurring in their Active Directory environment which threat actors use in most attacks - and having real-time visibility to changes to elevated network accounts and groups.

It should also come as no surprise that threat groups NCSC tracks that are involved in attacks on CNI (Critical National Infrastructure) are expressing their desire to achieve more disruptive and destructive outcomes from their attacks. In the year ahead, there is a strong possibility that website defacement attacks will be augmented by impactful attacks on banking systems, healthcare systems, electric grids and more. And unlike ransomware attacks that are financially motivated and more opportunistic, attacks on national critical infrastructure networks will often by state-sponsored and less amateurish in nature.

Stopping destructive attacks requires a change in the behaviour of organisations trying nobly to protect themselves. Unless governments take steps to improve cyber, unless companies lean into cyber and become more resilient, there is a strong chance the adversaries will have the upper hand. Collectively, we need to constantly uplevel the cyber discussion, bring it to the boardroom. Invest more in people and best practices. Security is a sport played, not watched.