Ransomware and aggressive state actors remain a significant threat in cyberspace, says GCHQ director

Ransomware continues to be the most acute and pervasive cyber threat for UK businesses and organisations at a time of unprecedented acceleration of technology, according to GCHQ director, Anne Keast- Butler.

Speaking at CyberUK 2024 in Birmingham last month – about future threats in cybercrime, Keast-Butler said the security services are working with partners to detect criminal activity and degrade the ransomware ecosystem in order to reduce the threat to UK businesses and critical infrastructure and bring those responsible to account.

Major threats to UK business

Major threats include the growing links between Russian intelligence services and proxy groups responsible for cyberattacks and sabotage operations, she said.

“Before Russia simply created the right environment for these groups to open. But now they are nurturing and inspiring these and other State cyber actors. In some cases, seemingly coordinating physical attacks against the West. The Russian threat is acute and globally pervasive. It requires constant vigilance and collaboration to defeat it.”

China and Iran present another considerable threat, she continued. While the former is ever more assertive, the latter is aggressive in cyberspace with state actors implicated in attacks against victims in many countries.

“Iran is continuing to grow its cyber espionage expertise. They might not always use the most advanced capabilities to conduct their operations, but they should not be underestimated,” Keast-Butler commented.

She maintained that while Russia and Iran pose immediate threats, China is the epoch defining challenge and is looking to shape global technology standards in its own favour through coercive and destabilising actions. As a result, GCHQ now devotes more resources to China than any other single mission.

“Recent events demonstrate that our country and democratic institutions remain of interest to the Chinese authorities. China has built an advanced set of cyber capabilities and is taking advantage of growing commercial ecosystem of hacking outfits and data Breakers at its disposal. The PRC is seeking to assert its dominance within the next 10 to 15 years and poses a genuine and increasing cyber risk to the UK.

“Responding to the scale and complexity of this challenge is GCHQ’s top priority,” she told conference participants.

Key ingredients to manage cyberthreats

The UK intelligence community is working alongside its Five Eyes allies and in partnership with industry and academic colleagues.

Keast-Butler said: “Technology and security are more tightly coupled than ever before. Collaboration across academia, the private and public sectors, is crucial for developing cutting edge science and technology solutions for national security.”

She explained that technological transformation of the next decade will far exceed the last – and this is particularly relevant to generative AI. However, GCHQ will use its expertise to ensure security and safety are hardwired in AI, and to understand how adversaries plan to use AI to harm the UK.

“We’re using AI across all parts of intelligence and security to support our people, and in responsible and ethical ways. We’re leveraging AI advancements to bolster our protection against cyber threats – from child exploitation and phishing emails to enhanced ransomware and spreading disinformation.”

In essence, she says there are three key ingredients required to effectively manage evolving technological threats: resilience, partnerships and speed.

“We need to work together to make our systems more resilient to threats and protect our sensitive data from falling into the wrong hands. We need a collaborative effort between government and the private sector, especially where UK critical infrastructure is privately owned. That brings me on to partnerships: we need to work together, faster and ever more effectively.”

Keast-Butler concludes: “True resilience is something in which we all have a stake and good cyber security matters more than ever.”