DSIT cyber security newsletter - December 2024
Published 20 December 2024
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dsit-cyber-security-newsletter-december-2024/dsit-cyber-security-newsletter-december-2024
1. Director’s message
Like many others, I spent last weekend putting up some Christmas decorations. Our tree is bedecked not just with traditional things like baubles but with everything from an American school bus to a Viking longship. It’s quite the spectacle.
As ever, however, the run up to the holiday period has been an intensely busy one. A high point for me this month was co-chairing the UK-EU Cyber Dialogue. Bringing together colleagues from across the EU, the event focused on areas including cyber governance, operational technology, AI security, digital identity, memory safety, and cyber skills. A statement on the UK-EU Cyber Dialogue can be found here.
This month also saw 13 teams from schools across the UK claiming the top prize in the CyberFirst girls’ competition run by the NCSC, out of more than 800 schools and 14,500 students that took part. This is the largest number of students that have taken part since its inception, which is absolutely fantastic. I hope that this experience will have helped kindle an enthusiasm in the participants, leading them to fulfilling careers in cyber and technology.
While much has been achieved in 2024, we also know that there is a lot more to be done as we look ahead to 2025. The NCSC annual review was published on 3 December and the comments by their new CEO Richard Horne were notable. He said the cyber threat to the UK is being “widely underestimated” and urged industry to do more to increase resilience at a time when state threats, data theft and ransomware are ballooning.
We are certainly alive to the challenge here and preparing to move full steam ahead with a range of policies and initiatives next year – including the Cyber Security and Resilience Bill, which will be introduced to Parliament in 2025.
Before then, however, I do hope that you will be able to have some rest and relaxation over the holidays, and may I wish a merry Christmas and happy Hannukah to all those who celebrate.
Rod Latham
Director, Cyber Security and Digital Identity
2. NCSC annual report highlights cyber threat to UK
The National Cyber Security Centre published its annual report on 3 December, with new CEO Richard Horne warning the cyber threat facing the UK is “widely underestimated.”
In his speech, Dr Horne said, “Hostile activity in UK cyberspace has increased in frequency, sophistication and intensity. All sectors of UK society are under threat of data theft from this activity… and yet, despite all this, we believe the severity of the risk facing the UK is being widely underestimated.” He urged industry to collectively boost resilience by following NCSC advice.
The annual report details how the NCSC handled 430 serious cyber incidents, up from 371 the previous year. Of these, 347 involved data exfiltration and 20 incidents involved ransomware.
3. Team of British women take part in international cyber event in Japan
In November a team of CyberFirst Bursary alumni joined teams from Japan, USA and Europe at the inaugural Kunoichi Cyber Games. The games champion women in cyber security and inspire them to pursue careers in the sector. In the UK only 17% of the workforce are women, and this falls to 14% in senior roles.
The team had a brilliant experience taking part in networking, working with Japanese school children and competing in capture the flag competitions. The team also met the British Ambassador to Japan, Julia Longbottom. A huge congratulations to the team and thank you to all those who supported their journey to the games.
4. Successful campaign for first round of the UK Cyber Team competition
The UK Cyber Team Competition, a new national capture the flag competition for 18-25 year-olds attracted over 1,300 young people from across the UK sign up to take part.
This competition has been established to identify top cyber talent who will be invited to join the Team and to represent the UK at international cyber competitions.
Industry has a pivotal role in this initiative working with DSIT to help nurture the next generation of cyber talent. Industry partners are invited to get involved and support the UK Cyber Team Competition and build a sustainable talent pipeline for the cyber sector.
There are varied sponsorship opportunities available. To find out more, visit the UK Cyber Team website or reach out directly to DSIT’s delivery partner SANS at cyberteamukpartners@sans.org.
5. Have your say on the future direction of the Cyber Exchange
Cyber Exchange is DSIT’s online platform delivered in partnership with techUK that maps the UK cyber sector and gives companies an opportunity to raise their profiles. The website helps buyers and companies discover innovative cyber companies, supports investment and highlights key announcements across the sector.
We are now conducting a Cyber Exchange survey to better understand its audience and what changes could be made to better serve users. If you could take two to three minutes to answer these multiple-choice questions, this will help the Cyber Exchange in its future development. The survey closes at 12 midnight on Friday 20 December.
6. Stop! Think Fraud campaign urges two-step verification
The government’s Stop! Think Fraud campaign has been urging the public to be wary of online scams in the run up to Christmas. The latest campaign encourages online shoppers to set up two-step verification on their important accounts as they seek festive deals around ‘Black Friday’.
The campaign included Instagram videos from The Savvy Spender and Carley Fowler discussing the benefits of two-step verification and how it can prevent hackers and scammers from accessing important accounts, like your email.
For more information read the NCSC news story or visit the campaign website.
7. Government funding for new AI security research lab
The government has provided over £8 million in funding for a new Laboratory for AI Security Research. The lab – a partnership with world-leading experts from universities, the intelligence agencies and industry – will boost Britain’s cyber resilience and enhance the cyber security of AI.
The lab will receive £8.22 million of initial government funding, with industry encouraged to invest in the partnership to support future research. Partners include DSIT, the Foreign Commonwealth Office, GCHQ and NCSC, the MOD, the Alan Turing Institute, the AI Safety Institute, the University of Oxford, Queen’s University Belfast and Plexal.
8. Cyber Runway – Slush
In November a delegation of Cyber Runway companies took part in an international visit to the Slush investor event in Helsinki, Finland. Slush is a tech and start up event that facilitates the meetings between founders and investors.
The twelve companies from the programmes Scale and Ignite cohorts were able to network with investors, attend panel sessions and create connections across the international tech sector. As a part of the trip the participants attended an exclusive investor dinner that enabled them to engage directly with some of Europe’s most prominent cyber-focused investment funds. The next Slush event happens in November 2025.
9. Northeast cyber security community unites as collaboration takes centre stage at Cyberfest 2024
Collaboration was the theme of the month as the North East’s biggest cyber security festival brought together over 1000 cyber enthusiasts during CyberFest 2024.Now in its seventh year, October was all about CyberFest and this year CyberNorth brought national and international businesses, academics, students, thought-leaders, innovators, and cyber enthusiasts together across 24 events over a month dedicated to shining a spotlight on the North East’s buoyant cyber business community.
Cyber security leaders and professionals from the field came out in force to support speaker events, panel debates, networking opportunities and practical workshops, ranging from a schools’ debate and women in cyber fireside chat, to hosting the UKC3 pancluster meet-up and a cyber career show alongside the sell- out one day CyberFest Community Conference.
The festival also signalled the launch of the very first CyberNorth Awards showcasing and celebrating the achievements of individuals and organisations across the cyber security sector in the Northeast.
Plans are already taking shape for 2025, so get in touch at hello@cybernorth.biz if you’d like to be involved.