Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 2 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Lessons From the 2023 National Risk Register Report  

By: Darren Guccione, CEO and Co-founder of Keeper Security

by Guru Writer
August 17, 2023
in Insight, Uncategorized
Lessons From the 2023 National Risk Register Report  
Share on FacebookShare on Twitter

Cybersecurity is a matter of national and international security and should be prioritised as such. This is particularly important when it comes to protecting Critical National Infrastructure (CNI) and the services that UK citizens rely on in their daily lives, as the consequences of disruption to these services has the potential to be devastating. With the world more digitised and interconnected than ever, a significant attack on CNI could lead to physical harm or even the loss of life.  

 

The UK Government recently issued a national statement that warns organisations about the potential for cyberattacks on CNI. The 2023 Edition of the National Risk Register predicts that, in the next two years, there is a 5 to 25% chance that a devastating attack will target critical infrastructure and cause physical harm. This report is based on an internal National Security Risk assessment, which factored in malicious risks the UK may be exposed to including terrorism and cyber-attacks, as well as non-malicious risks such as severe weather incidents. 

 

The report focused on several cyber-related risks, such as attacks on gas and energy infrastructure, fuel supply infrastructure, health and social care systems, the transport sector, financial infrastructure and retail banks, then assessed the risk this poses to national security. A majority of these infrastructures are intertwined, meaning an attack on one could have farther reaching consequences – unless important security controls are carefully considered.  

 

Gas Infrastructure

The UK gas infrastructure is responsible for delivering gas to individual users and businesses across the nation. In the event of a worst-case scenario, a cyberattack could disrupt the gas infrastructure to the extent that the entire system could fail. Under certain circumstances or conditions (i.e. winter) a system failure could lead to loss of life or physical harm to individuals caused by lack of heating, access to necessary medical treatment or a limited ability to safely use gas.  

 

Electricity Infrastructure

A failure of the electricity infrastructure, due to a cyberattack, could disrupt all other critical systems. Great Britain is known to have one of the most reliable energy systems in the world, and as such, maintaining it efficiently and safely is a top priority. A nationwide loss of power could create a ripple effect, causing disruption to internet telecommunications, water, sewage, fuel and gas supplies. In the worst scenario, such an attack would not only create social turmoil, but again, could lead to loss of life.

 

Health and Social Care Systems

Unfortunately, the UK has seen several cyberattacks on its healthcare infrastructure – the largest example being the widely-publicised WannaCry ransomware attack in 2017. Ransomware can cause severe disruptions within healthcare, as it can jeopardise sensitive patient health information and interrupt the critical systems that medical facilities need to operate. This directly impacts patient care and can cause physical harm.  In fact, we have already witnessed examples in which a cyber incident has impacted the health and safety of patients.  

 

Financial Infrastructure

Certain Financial Market Infrastructures (FMIs) are considered CNIs as they enable financial transactions to take place and provide a vital service for the UK economy. FMIs are considered high-profile targets for cybercriminals, and as such, must be resilient to significant cyber incidents. Any attack could take important systems offline, disrupt services, and increase the risk of fraud and operational losses. 

 

Assessing the Potential

The Government predicted that most serious incidents impacting critical national infrastructure would involve encryption, data theft, destroying data that CNIs rely on, or the disruption of operational systems entirely. The likelihood of such an attack for the next two years, however, has been scaled as a four out of five, which is still considered as ‘highly unlikely’ with a ‘moderate’ impact. Although the likelihood is deemed low, it is imperative that organisations prepare themselves for a worst-case-scenario. 

 

Findings from the World Economic Forum’s Global Cybersecurity Outlook highlight the issue further. The Report found that 91% of all respondents believe a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years and 43% of business leaders believe that cyberattacks will have a material impact on their organisations. Businesses of all sizes and in all sectors must prepare for the possibility of a breach and take concrete actions now to protect themselves.

 

Invest in Cybersecurity

Businesses must secure their networks and systems with consistent built-in security that protects all of the technologies they utilise across the company. This should include a secure password manager. Secure accounts and passwords can make a significant difference in keeping an organisation safe from unauthorised intruders or even malicious insiders. This is also important when it comes to supply chain attacks, as bad password practices within third parties could be the gateway into larger organisations.

 

Organisations should implement a Zero-Trust Architecture (ZTA) and Privileged Access Management (PAM) to prevent unauthorised privilege escalation and ensure user access roles are strongly enforced. Companies should also have security event monitoring in place to detect and block anomalous privilege escalation. Least-access policies help ensure users only have access to the data and resources required to perform their job duties.

 

Finally, there must be a shift in the mindset that security teams are the only ones responsible for security. C-suite executives must include security leaders in regular business reviews and plans, while organisations must consistently train all employees to recognize and avoid the latest attack vectors.  

 

The Time To Act Is Now

Cyberattacks against critical infrastructure hold the potential for disaster.  As operational and information technology converge, the opportunities and pathways for cybercriminals to target critical national infrastructure will only continue to grow. Meanwhile, cyberattacks are getting more sophisticated, increasing the risk of threats such as supply chain attacks and ransomware. And critical infrastructure remains an appealing target, because disruption no longer solely affects production and productivity, but could lead to physical damage and harm.  

 

Ultimately, when used for political purposes, cyberattacks targeting the sectors UK citizens rely on may be part of a larger effort to threaten operations, destabilise the Government or disrupt power grids, transportation networks and financial institutions.  In the digital age, it’s clear that cyber and traditional warfare tactics will continue to converge as threat actors use cyberattacks to both support and supplement physical attacks – with devastating consequences.  

ShareTweet
Previous Post

Cyber Mindfulness Corner Company Spotlight: Netskope

Next Post

Cato Networks Named a “Leader” in Zero Trust Edge (ZTE) Report by Leading Research Firm

Recent News

geopolitical cyber report

Iran-linked MuddyWater espionage campaign targets organisations across four continents

July 1, 2026
Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

July 1, 2026
Q&A: Solving Synthetic Media Challenges Before All Trust is Lost

Q&A: Solving Synthetic Media Challenges Before All Trust is Lost

July 1, 2026

Huntress Launches Managed ISPM as Identity Attacks Drive 79% of Severe Security Incidents

June 30, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol