Cyber security | UK Regulatory Outlook April 2023

NCSC warns of attacks from Russian hackers

A new alert from the National Cyber Security Centre (NCSC) highlights risk to critical national infrastructure from state-aligned groups following the Russian invasion of Ukraine.

The NCSC has warned that some groups have stated an intent to launch "destructive and disruptive attacks" and that as the groups are not subject to formal state control, their actions are "less constrained and… less predictable".

Critical national infrastructure organisations should ensure they have taken steps outlined in the NCSC's guidance to strengthen their defences, in particular, to consider implementing the advice on secure system administration.

DSIT publishes Cyber Security Breaches Survey 2023

The Department for Science, Innovation and Technology (DSIT) has published the latest Cyber Security Breaches Survey.

This is an annual survey detailing the cost and impact of cyber breaches and attacks on businesses, charities and educational institutions. The survey showed that over the past 12 months, 32% of all businesses and 24% of charities reported a cyber incident. For medium and large business, these percentages were almost double. It is estimated that the average cost of cyber incidents to business of any size was approximately £1,100. For medium and large businesses, this increases to almost £5000.

The NCSC CEO, Lindy Cameron, speaking at the CYBERUK 2023 event, explained that many of the incidents were as a result of poor cyber hygiene rather than the use of complex or sophisticated attack techniques. Thus she encouraged organisations to consider Cyber Essentials certification as part of an "annual cyber security 'MOT'".

NCSC launches new Cyber Advisor scheme

The NCSC is launching a new Cyber Advisor scheme to help small and medium organisations to achieve a baseline level of cybersecurity.

Cyber Advisor is a targeted consultancy scheme aimed primarily at small organisations, which often lack in-house expertise or access to qualified experts to help secure their networks, with limited time and funds to invest in security.

Cyber Advisors will provide cost-effective advice, and where required, hands-on help to help the businesses implement the five Cyber Essentials Technical Controls.

National Cyber Force reveals details of daily cyber operations

On 4 April 2023, the National Cyber Force (NCF) published a paper entitled "Responsible Cyber Power in Practice", detailing for the first time how it delivers cyber operations daily, to further the UK's foreign policy, support military operations and prevent serious crime.

The NCF, which is a partnership between GCHQ and the Ministry of Defence, carries out activities including "disrupting networks and operational capabilities" of the UK's enemies, "technical disruption" against terrorist groups, and countering "sophisticated, stealthy and continuous cyber threats".

Europol weighs in on criminal use of ChatGPT and LLMs

On 27 March 2023, Europol published an article warning about the potential misuse of ChatGPT by cybercriminals, and the general exploitation of large language models (LLMs) – a type of artificial intelligence system that can process, manipulate and generate text.

Europol highlighted three main areas of concern as the capabilities of LLMs such as ChatGPT are being continually improved upon:

• Fraud and social engineering: LLMs' ability to reproduce language patterns and impersonate the speech style of individuals or groups can make it a useful tool for phishing purposes.
• Disinformation: ChatGPT's ability to produce large amounts of text at great speed and scale makes it liable to being used for propaganda purposes.
• Cybercrime: ChatGPT is capable of producing potentially malicious code in a number of different programming languages.

Government launches third wave of Cyber Security Longitudinal Survey

The government has launched the third wave of its Cyber Security Longitudinal Survey to investigate cybersecurity practice and policies, as well as the costs and impacts of cyber incidents on organisations.

The CLS is part of a three-year study analysing the cybersecurity behaviours of a total of 688 UK medium and large businesses and 373 high-income charities. The research aims to contribute to government policy on cyber security and will support the government's work with industry and charities to ensure online safety.

Wave three results are expected to be published by early 2024.

AI white paper sets out UK approach to artificial intelligence

On 29 March 2023, the Department for Science, Innovation and Technology (DSIT) published an AI white paper on the government's proposals for implementing a proportionate, future-proof, and pro-innovation framework for regulating artificial intelligence.

The white paper highlights both the cybersecurity threats and opportunities that AI creates. As part of the white paper, the DSIT has launched a consultation seeking feedback on its proposals. The consultation closing date is 21 June 2023.

See our Insight for more information, and also the Data Protection section.