The Committee cited the impact of the ransomware attack on the Government of Costa Rica in April 2022, which left large parts of the nation's digital infrastructure paralyzed for months.
The UK has yet to experience such a coordinated attack across its CNI, but the Costa Rican experience shows how rapidly a nation can be brought to its knees by such a widescale assault on its digital infrastructure.
The Committee added that following the explosion of ransomware attacks in 2021, the threat from this vector remains as severe as it has ever been.
Most ransomware attacks against the UK are from Russian-speaking actors.
The UK government's efforts in this area are currently inadequate, the report said, and its planning will be found lacking.
As a result, many victims, including local government authorities, are forced to turn to private cyber incident response firms.
This lack of support is largely due to insignificant funding for government agencies responsible for cybersecurity, particularly the National Cyber Security Centre and National Crime Agency.
This includes the NCA facing significant difficulties recruiting cyber specialists, due to its inability to compete with the private sector regarding pay and career progression.
Establish a National Cyber Strategy sub-committee, which should consider progress against each of the five pillars at least twice per year.
Responsibility for tackling ransomware should be transferred from the Home Office to Cabinet Office, in partnership with the NCSC and NSA.
Bring forward legislation to urgently update the Computer Misuse Act, which is now 30 years old.
Revisit the funding available for the NCA pay and progression, enabling it to offer salaries that can attract experts with specialist cyber skills.
Hold regular national exercises to prepare for a major national ransomware attack affecting multiple CNI sectors.
Provide funding to the NCSC to establish an enhanced and dedicated local authority cyber resilience program.
Fund the NCSC and NCA to allow them to provide negotiation, recovery and remediation capabilities to all public sector victims of ransomware.
Establish a central reporting mechanism for ransomware attacks, and consider whether to require all UK organizations to report an attack within three months.
The NCSC to produce more detailed guidance, accessible to a non-technical audience, on how to best avoid the payment of ransoms after an attack.
Commenting on the report, Royal United Services Institute Research Fellow Jamie MacColl, who provided oral and written evidence to the Committee, said it is time to talk more actively about ransomware and organized cybercrime with the public at large, to put it on the political agenda.
Gerasim Hovhannisyan, CEO & Co-Founder, EasyDMARC, said that government leadership must reassess cybersecurity policy as a matter of urgency before it's too late.
The report's findings tie in with worrying findings made by My1Login about the NHS's lack of cyber preparedness.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Wed, 13 Dec 2023 12:20:58 +0000