The UK government has recently published new guidance on combating ransomware attacks, with a focus on securing supply chains to prevent cyber criminals from exploiting vulnerabilities. Developed in collaboration with Singapore through the Counter Ransomware Initiative (CRI), the guidance offers practical steps for organizations to assess supplier security and mitigate risks. The CRI, supported by 67 countries and international organizations such as Interpol and the World Bank, aims to address the growing threat of ransomware attacks globally.
UK Security Minister Dan Jarvis emphasized the urgent need for cybersecurity measures, stating that ransomware attacks pose a significant threat to national security and the economy. The National Cyber Security Centre (NCSC) director, Jonathan Ellison, highlighted the importance of implementing basic cybersecurity measures to prevent ransomware incidents. He encouraged organizations to follow the NCSC’s supply chain security guidance to enhance their resilience against cyber threats.
The guidance outlines a comprehensive plan to strengthen supply chain security, including selecting secure suppliers, communicating security expectations, integrating cybersecurity into contracts, conducting audits, and requiring cyber insurance policies. It also recommends collaborating with suppliers to review incidents, exercise response plans, share threat intelligence, and update contracts to reflect evolving cybersecurity challenges.
Shirine Khoury-Haq, CEO of The Cooperative Group, emphasized the need for resilience and collaboration following a ransomware attack that cost the company £206m. She stressed the importance of learning from cyber incidents to prevent future harm and build a safer digital environment.
In addition to the ransomware guidance, the UK plans to sign the UN Convention against Cybercrime, a global treaty aimed at combating cybercrime. The convention, adopted in December 2024, criminalizes cyber-enabled offenses such as child exploitation and fraud, while also promoting international law enforcement collaboration. Despite concerns about its effectiveness in addressing ransomware attacks linked to Russian-speaking gangs, the convention represents a significant step towards global cybersecurity cooperation.
Overall, the UK government’s initiatives underscore the importance of securing supply chains, enhancing cybersecurity measures, and fostering international collaboration to combat cyber threats effectively.