According to findings from the NCSC, a record number of cyber security incidents occurred between September 2019 and August 2020, with 723 serious incidents being handled, and over 200 of these being related to Covid-19.
Major targets for threat actors throughout the pandemic have included employees working from home, with potentially substandard security, and academic institutions, to which the NCSC recommended a ‘defence in depth’ strategy.
Covid-19-related phishing emails regarding the Coronavirus Job Retention Scheme, claiming to be from HMRC, were also commonly found by UK businesses.
Additional cyber incidents handled by the NCSC include attacks from state-sponsored hackers, attempting to breach information about a potential vaccine being produced in the UK, and bogus emails claiming to be from health authorities providing important updates.
Forrester releases privacy and cyber security predictions for 2021
Mark Nicholls, CTO of Redscan, believes that universities and research institutions, particularly those that are working on vaccines, should be ensuring that cyber security teams get the support they need.
“Work to develop a Covid-19 vaccine is the latest in a long line of world-changing research projects undertaken by UK universities and other organisations,” said Nicholls. “As we head into a second lockdown, this new NCSC report should really focus minds on the need to secure important research and IP against the latest cyber threats, including state-sponsored attacks. The cost of failing to protect scientific research is immeasurable.
“Our research shows that a large number of universities don’t deliver cyber security training to staff and students, nor commission independent penetration testing. These are foundational elements of every security program and key to helping prevent data breaches.
“Even at this time of intense budgetary pressure, institutions need to ensure that their cyber security teams receive the support they need to defend against sophisticated adversaries. Breaches have the potential to seriously impact organisations’ reputation and funding.”
More resilience needed
Following research from Barracuda Networks that concludes that another spike in cyber attacks could occur this month, Chris Ross, Barracuda’s senior vice-president of sales, international, has called for organisations to be more resilient.
How to adopt a state of sustainable cyber resilience
“Professional cyber hackers have attempted to infiltrate healthcare organisations since the start of the Covid-19 outbreak, and due to these circumstances, it is more important than ever to protect confidential patient information or even research data, from opportunistic cyber attackers,” said Ross.
“As the UK goes into another lockdown, criminals will continue to exploit the pandemic, and most likely target vaccine research facilities once again. Therefore, every organisation must ensure they have resilient cyber security this time around.
“Barracuda researchers saw three main types of phishing attacks using Covid-19 themes at the beginning of the last national lockdown — scamming, brand impersonation, and business email compromise. Barracuda Sentinel detected 467,825 spear-phishing email attacks through March, and it is possible that another spike like this may occur throughout November.
“Scams that endeavour to extract important updates are often very sophisticated and convincing spear-phishing attacks, which are designed to trick individual employees into a false sense of security, before convincing them to willingly hand-over their own private or company data. Tackling this problem and keeping information secure requires robust policies and an overhaul of staff training, and highly sophisticated email inbox defence security which also leverages artificial intelligence, in order to identify and block hacking attempts before they even reach the recipient.”