Data and securityCyber SecurityNCSC defends UK from more than 10 cyber attacks a week

NCSC defends UK from more than 10 cyber attacks a week

NCSC believes hostile nation states behind majority of cyber incidents and highlights how its Active Cyber Defence reduces UK’s share of visible global phishing attacks by more than half

The National Cyber Security Centre (NCSC) has defended the UK from an average of more than 10 attacks per week, according to the organisation’s newly-published Annual Review.

The review highlights the sustained threat from hostile state actors and cyber criminals. Since it became fully operational in 2016, the NCSC’s cyber security front line has helped to support with 1,167 cyber incidents – including 557 in the last 12 months. The report reveals the majority of attacks against the UK are carried out by hostile nation states.

The Annual Review gives unprecedented detail about the tactics used by the NCSC’s Incident Management team, who work behind the scenes to co-ordinate defences to support UK victims when attacks do get through.

For the first time, the NCSC is giving a glimpse into the work against the ongoing cyber threat in a podcast, “Behind the scenes of an incident”, which features interviews with a range of staff who defend the UK from cyber attacks.

David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: “As the minister with responsibility for overseeing the implementation of the National Cyber Security Strategy, I am proud of what NCSC has achieved in just two years of operations.

“Our National Cyber Security Strategy set out ambitious proposals for how this Government will defend our people, deter our adversaries and develop UK capabilities to ensure we remains the safest place to live and do business online.

“NCSC has more than risen to this challenge, defending the UK from over 1,100 cyber attacks and reducing the UK’s share of global phishing attacks by more than half.”

Proactive

The NCSC’s review talks at length about how it takes a proactive approach to securing the UK’s online defences. The Active Cyber Defence (ACD) initiative, for example, aims to protect the UK from high-volume commodity attacks that affect people’s everyday lives.

Since its launch, ACD has reduced the UK’s share of visible global phishing attacks by more than half; from 5.3% to 2.4%. Between September 2017 and August 2018, the service has removed 138,398 phishing sites hosted in the UK.

Citizen tools

Ciaran Martin, Chief Executive of the National Cyber Security Centre said: “As we move into our third year, a major focus of our work will be providing every citizen with the tools they need to keep them safe online. I’m confident that the NCSC will continue to provide the best line of defence in the world to help the UK thrive in the digital age.”

The NCSC is committed to promoting a national conversation around cyber security. Earlier this year, the government’s flagship cyber security conference, CYBERUK, was held in Manchester and welcomed 2,500 delegates.

Following the success of CYBERUK 2018, the NCSC will widen its geographical footprint in year three as Scotland will, for the first time, host the 2019 event. Government and industry professionals will gather in Glasgow, one of the first UK cities to get 5G internet, on 24 and 25 April to share cyber security best practice in the face of complex problems and threats.

More to be done

As well as the nearly 1,200 attacks in the past two years, the annual review warns of the likelihood of a major life-threatening cyber attack on the UK in the near future. Commenting on this, Mishcon de Reya Cyber Security Lead Joe Hancock said: “1,200 attacks may seem like a large number, but the reality is that this is the tip of the iceberg.

“The majority of these attacks on business, government and third sector organisations go unreported and often undetected. Behind these high profile attacks there are the millions of online crimes that affect individuals every day.

“More needs to be done to support law enforcement in supporting both victims and responders to better detect and recover from them. The NCSC is a critical part of these activities and the UK strategy to become one of the safest places to be online. We are keen to see this strategy broadened with further investment.

“A focus on critical infrastructure is welcomed by everyone who relies on electricity for their business and gas to heat their homes. It doesn’t however help the millions of victims of cyber fraud.

“The recent Facebook breach shows the potential downsides of large scale data collection and reliance on single points, provided by social media to access a wide variety of services across the Internet which can act as a gateway for attackers to further data and services.

“Cyber security practices are not consistent globally and an attack against a weaker link in the supply or data chain can have unanticipated consequences for companies and individuals.

“More is needed to help protect everyday victims of these crimes, especially in the international arena. It is difficult to see how mass cyber crime can be tackled without an international consensus and consequences for nations that turn a blind eye.

“Many of the cyber incidents we deal with have a financial component, often involving the traditional banking system not only cryptocurrencies such as Bitcoin. Driving cyber criminals out of the financial system will have an impact on cyber crime levels.”

The Annual Review 2018 can be reached here.

Related Articles

Cyber security is about much more than technology

Cyber Security Cyber security is about much more than technology

2d Austin Clark
Q&A: How cyber security is changing in the public sector

Cyber Security Q&A: How cyber security is changing in the public sector

1m Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

2m Austin Clark
Is automation essential in the cyber security battle?

Cyber Security Is automation essential in the cyber security battle?

3m Austin Clark
Please mind the security gap between the premises and the cloud

Cloud Computing Please mind the security gap between the premises and the cloud

3m Guest Writer
NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

Cyber Security NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

3m Austin Clark
Best form of defence: Is the Government's cyber strategy on the right track?

Cyber Security Best form of defence: Is the Government's cyber strategy on the right track?

4m Guest Writer
Making the cloud a safe space

Cloud Computing Making the cloud a safe space

4m Guest Writer