Experts reflect: what are the biggest threats to cybersecurity in 2022?

The global threats faced by the UK are increasingly digital. Amid reports of cyberwarfare in Ukraine, CSW hears from key voices on the biggest threats and what the public sector can do to minimise them

By Civil Service World

11 Apr 2022

Tobias Ellwood, chair of the Defence Select Committee

"Cybersecurity must be consciously and consistently integrated into both military and civilian planning and activities, whether we face open hostilities or not. Military networks are critically important to protect, however this protection must extend beyond the military alone. Our heavy reliance on technology creates a vulnerability that hostile states can easily exploit, and the only way to address this is to entrench cybersecurity in public life.

“Just recently we’ve seen Ukrainian government websites targeted by malware in order to undermine and sabotage the Ukrainian state. Cyberattacks on public institutions are now part and parcel of modern warfare. The public sector should work closely with agencies such as the National Cyber Security Centre to ensure that channels of communications, and the sensitive information they contain, are provided watertight protection.”

Chitra Balakrishna, programme leader for cyber security at the Open University

"In the current times, businesses and individuals are always under threat or risk from a cybersecurity attack or a breach. Malicious hackers exploit certain geopolitical events such as wars, elections, natural catastrophes and accelerate their attacks. For instance, during Covid, the number of phishing attacks increased by 400%.   

“Ongoing war between Russia and Ukraine and the consequent response from the western democracies has already resulted in heightened threat and risk to businesses and individuals within western nations. Recent reports published by intelligence agencies in the UK and US have identified a new malware attributed to a Russian hacking group.

“Businesses, particularly those offering critical services such as healthcare and financial services should take proactive measures. They should make sure that their fundamental cybersecurity practices and procedures are in place and functioning and offer a temporary boost to their defences. 

“This should include running a robust awareness campaign among their workforce, so they do not fall prey to a malicious phishing attack that could potentially lead to a wider data breach. In the current geopolitical climate, the threat of cyber warfare could be as dangerous as a territorial military invasion and potentially cause similar havoc and disruption to nations and their people.”

Dan Patefield, head of cyber and national security at techUK

"The pandemic has accelerated digital transformation across all sectors and organisations. In parallel, the cyber threat landscape continues to evolve with key challenges including those around securing the supply chain and ransomware attacks. In order to tackle this growing threat, all public sector organisations must regularly assess and update their cybersecurity capabilities recognising that cyber is an enabler of everything modern organisations do.

“We have recently seen the Cabinet Office publish the Government Cyber Security Strategy which clearly outlines an ambitious programme for how the public sector will look to instil further resilience across the public sector estate. This includes learning lessons from CNI sectors, broadening coordination between departments and acknowledging that cybersecurity is a shared responsibility, from director level to frontline services.

“The UK is well placed to achieve these ambitions with world-leading capability and an innovative and growing cybersecurity sector. Guidance from the National Cyber Security Centre is always a useful place to start for any organisation.”

John Edwards, information commissioner

"My office has seen a 19% rise in reports of cybersecurity incidents involving people’s personal data over the past two years. Our experience is that many of the issues are preventable and getting the basics right is the first step. 

“It’s not a question of do it once and forget about it. It’s about creating a culture of vigilance. Our stats show that a growing number of cyber-attacks come from phishing, with emails looking to trick or persuade staff to share usernames and passwords. Measures such as multi factor authentication help here, but up-to-date staff training is essential to spot and report phishing attempts. 

“Cybersecurity can seem intimidating, but it doesn’t have to be. There’s a wealth of advice available including our practical guide to keeping your IT systems safe and secure as well as information from the National Cyber Security Centre and the Cyber Essentials campaign.” 

Share this page