The National Cyber Security Centre (NCSC) has confirmed that it dealt with 658 incidents in the past year, of which a significant number were “from hostile nation states.”
As the NCSC launched its third annual review, in the same month as it marks three years in operation, the NCSC disclosed that government was the sector that received the most support from the NCSC’s Incident Management team, followed by academia, IT, managed service providers and, in joint fifth, health and transport.
Speaking at the report launch at the NCSC headquarters in London, chief executive Ciaran Martin said that whatever successes it had enjoyed were based on “strong clinical sponsorship” and it was “privileged to have strong political sponsorship, strong strategy, funding and autonomy to get on with the job.”
He added that whilst some attackers “are still doing the same things over and over again and too often getting though,” there are things we and organizational leaders can do to get ahead of the problem, and these include “practical and sensible measures like two-factor authentication, strong passwords, backups and for businesses to scan for vulnerabilities.”
Praising the “excellence” of the NCSC staff and “quality of partnerships” as being “essential to everything we do,” Martin said the role of the NCSC was not just about dealing with threats, but also about its international and domestic outreach to partners and businesses. He said that 56 different countries had visited the NCSC and developed an “indicator of compromise machine” to give 1000 pieces of valuable data per month.
He went on to stress the need to look at “aging legacy systems” as we now have an aggregation of risk because of multiple connections and devices, and we need to do more to secure them. He admitted that not all of the risks will work, “but stand with us through the challenges, as if we get the basics right, we will achieve our mission of making the UK the safest place to live and do business online.”
In the past year, the NCSC has produced 154 threat assessments, delivered, along with sector and law enforcement partners, cybersecurity awareness and training sessions to more than 2700 charities, and welcomed 11,802 girls in the 2019 CyberFirst Girls Competition.
Minister for the Cabinet Office, responsible for resilience against cyber-attacks and protecting critical national infrastructure, Oliver Dowden welcomed the achievements “which shows that we are making the UK a more challenging place for our cyber adversaries to operate in."
He said: “We've made great progress on making the UK safer since launching our world-leading £1.9 billion cybersecurity strategy in 2015. Establishing the NCSC was a key part of this and has played a central role in tackling online threats posed by criminals, hacktivists and hostile nation states.”
Speaking at the launch, Dowden said that after the NCSC’s first two years, “the joint committee on national security strategy praised its impressive impact” and a year on, “there has been even more progress.” Dowden also said that this winter, the NCSC will relaunch the government's national cyber security campaign "Cyber Aware" informing the public about what they need to do to protect themselves from cybercrime.
The report features the success of the Active Cyber Defence (ACD) Programme, which was involved in the takedown of 177,335 phishing URLs 98 percent of phishing URLs, and flagging fraudulent intention against more than a million credit cards to banks.