Data and securityCyber SecurityThree local authorities leading the Active Cyber Defence Charge

Three local authorities leading the Active Cyber Defence Charge

Three local authorities are among the organisations best defending themselves from online scams

Figures released by the National Cyber Security Centre (NCSC) have revealed that its Active Cyber Defence (ACD) initiative, which was launched one year ago, is proving successful.

The figures from Active Cyber Defence – One Year On show that three local authorities are among the organisations best defending themselves from online scams.

Four pioneering ACD programmes are available – Web Check, DMARC, Public Sector DNS and a takedown service – and form part of the National Cyber Security Strategy to improve basic cyber security by disrupting commodity cyberattacks that affect UK citizens.

The technology, which is free at the point of use, improves defence against threats by blocking fake emails, removing phishing attacks and stopping public sector systems veering onto malicious servers.

Key findings from Active Cyber Defence – One Year On show that since the ACD was introduced:

  • UK share of visible global phishing attacks dropped from 5.3% (June 2016) to 3.1% (Nov 2017)
  • removed 121,479 phishing sites hosted in the UK – and 18,067 worldwide spoofing UK government
  • takedown availability times for sites spoofing government brands down from 42 hours to 10 hours
  • a dramatic drop of scam emails from bogus ‘@gov.uk’ accounts (total of 515,658 rejected in year)
  • average 4.5 million malicious emails per month blocked from reaching users (peak 30.3m in June)
  • more than 1 million security scans and 7 million security tests carried out on public sector websites

The report lists scam domains promoted by phishing emails that have now been removed, such as onlinehmrc-gov.uk, refunds-dvla.co.uk and nationalcrime-agency.com and shares examples of real phishing emails they have prevented from being delivered.

It also puts on record the 10 most spoofed government brands in the year, with HMRC the most targeted with 16,064 fake websites taken down. Also in the list are the DVLA, the Student Loans Company and the Crown Prosecution Service.

The report also breaks down the brands which have been most successfully protected from criminals for each month. Amongst the organisations best defending themselves from spoof attempts thanks to implementing ACD are local authorities such as Northumberland County Council (59,405 attempts in August), Cardiff Council (31,728 in December) and Denbighshire County Council (25,627 in May).

Dr Ian Levy, Technical Director of the NCSC, said: “Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states.

“The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks.

“The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.

“Our measures seem to already be having a great security benefit – we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyber attacks in a measurable way.”

Dr Levy continued: “This report shows that simple things, done at scale, can have a positive and measurable effect and the British UK public should be safer as a result of these measures.

“As these measures are scaled up, people should be asked less often to do impossible things, like judge whether an email or website is good or bad, less often.

“The NCSC has committed to being transparent and publishing data. We think the results here show that the first year of our Active Cyber Defence programme have been successful – and the following years will be really interesting.”

You can read the full report here: www.ncsc.gov.uk/information/active-cyber-defence-one-year.

Related Articles

Government and tech industry hold roundtable on IoT security

Cyber Security Government and tech industry hold roundtable on IoT security

2y Jay Ashar
New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

2y Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

2y Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

2y Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

2y Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

2y Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

2y Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2y Jay Ashar