Last month, the National Cyber Security Centre (NCSC) launched its third annual report with the strap-line of ‘Making the UK the safest place to live and work on line’ – also the organisation’s stated mission.
The report is a ready source of up-to-date information and guidance on current threats, and is available free. This includes an authoritative source of advice and capability on the management of, and responses to, cyber incidents.
It also provides a snapshot of the NCSC’s work over the past year like the 658 incidents affecting almost 900 victim organisations, together with some key milestones along the way.
There are seven main sections to the report:
- Cyber security for individuals and families
- Targeting the biggest risks
- Countering the adversary
- International co-operation
- Securing the digital homeland
- Cyber capability for the future
- Celebrating 100 years of GCHQ's cyber mission
Ciaran Martin, CEO of NCSC, states in his opening remarks that: ‘The most immediate threats to UK citizens and businesses come from large-scale global cyber crime. Despite often being low in sophistication, these attacks threaten our social fabric, our way of life and our economic prosperity.’
One aspect of the NCSC’s work given prominence is ‘Active Cyber Defence’ or ACD. The goal of ACD is for there to be fewer cyber attacks. The UK share of global phishing attacks has, for example, dropped as a result of ACD by over a half from mid-2016 to mid-2019. Furthermore, while HMRC was the 16th most phished brand globally in 2016, its ranking had dropped to 126th in the world by September 2019 as a result of ACD services and HMRC countermeasures. This programme continues to develop.
The NCSC works closely with public-sector bodies to protect the networks, data and services which the UK depends upon. The WannaCry ransomware attack in 2017 has led to all hospital trusts in England being offered a free security solution which includes the next generation firewalls and Protective Domain Name System (PDNS) service.
In terms of the national infrastructure, the report gives some valuable details on thwarting ATM attacks, defending online banking, keeping the lights on, threats to air-passenger data, and security the future of smart cities.
The report includes case studies and commendable references. For businesses, many lessons can be drawn from the report's 87 pages.