CyberUK highlights

Missed CyberUK 2024? Read our highlights from the event

CyberUK 2024 has just ended, and it was a busy couple of days for the cybersecurity industry. With new guidance and schemes released by the NCSC and GCHQ, you’d be forgiven for missing some of the announcements. 

Don’t worry, at Code Red, we’ve kept our ears to the ground, listening to the speakers and the latest news. 

So, sit back and relax, as we take you through our top three highlights from this year’s event. 

China, China and a bit more about China 

The Electoral Commission breach, the targeting of MPs, and even accusations around the Ministry of Defence breach, means that China’s cyber activities have dominated news headlines over the past couple of months. During her speech at CyberUK 2024 GCHQ Director Anne Keast-Butler made it clear that China was an “epoch-defining challenge” to the UK, and the UK intelligence agency “devotes more resources to China than any other single mission”. 

Whilst Keast-Butler acknowledged the threat posed by Russia and Iran, she said China is the “top priority” for GCHQ. Keast-Butler wasn’t alone, as the White House’s national cyber director, Harry Coker, also voiced his concerns about China, especially the threat it poses to critical infrastructure. In his speech, he highlighted that “in a crisis or conflict scenario, China will wreak havoc on civilian critical infrastructure to deter US mobility.” 

Clearly, both the UK and US governments are concerned about China’s cyber capabilities. I wouldn’t be surprised to see further sanctions against Chinese actors and advisories warning about the threat of state-sponsored groups. 

A new plan to stop ransom payments 

Unsurprisingly, ransomware was another dominant discussion point at CyberUK 2024. 

Despite all the warnings against paying ransom, victims of ransomware are still complying with threat actors’ demands. Last year was a record-breaking year, with ransom payments hitting $1.1 billion

At this year’s event, the NCSC, alongside three major UK insurance associates, announced new guidance in an effort to reduce the number of ransom payments. The guidance provided key points for businesses to consider should they ever fall victim to a ransomware attack. 

The cybersecurity industry welcomed the guidance, especially as it will help organisations better understand how cyber insurance works. However, there were still some slight reservations. Experts pointed out the need for guidance around recovery plans, while some feel that a blanket ban on ransom payments is the only solution to the problem. 

Only time will tell if the NCSC’s guidance proves effective in reducing ransom payments. Either way, it’s positive to see the NCSC continue to try and tackle the issue. 

Extra protection for high-risk individuals 

Day two of the conference, started off with a bang. The NCSC announced a new Personal Internet Protection service, designed to guard against spear-phishing, malware and other cyberattacks.   

The new service, which can be added to personal devices, provides a warning to users “if they try to visit a domain which the NCSC knows to be malicious” and blocks outgoing traffic to these domains. Over the last year several MPs have been targeted by malicious actors, whether that be phishing emails or even a “spear phishing” sexting scam. With a general election looming, extra support for political candidates, election officials and others at risk is welcome. 

It’s been another busy CyberUK event, with the government stating its intent to bolster the cyber resilience of individuals as well as organisations. 

For more cybersecurity stories, insights and analysis, follow Code Red on Twitter and LinkedIn. 

 

Back to Knowledge Hub