When it comes to cyber security, the UK prides itself on taking a comprehensive approach to protecting organisations and users alike, writes Malcolm Murphy, Chief of Staff, EMEA, Infoblox.
The UK’s National Cyber Security Centre (NCSC) was set up in 2016 as the cyber arm of GCHQ with the intention of “helping to make the UK the safest place to live and work online.” Its mission is to “reduce the harm from cybersecurity incidents in the UK” via incident management and response. According to recent statistics, the Centre has stopped more than 600 cyber-attacks across the UK in the past year, bringing the total number to 1800 since the NCSC was formed in 2016.
The past year alone, however, has been reported as one of the worst on record for breach activity. Compared to the midyear of 2018, the number of reported breaches was up 54pc and the number of exposed records was up 52pc, according to a report published by Risk Based Security. Networking is changing, and security has to change with it. So as we look towards 2020, what can the UK do to maintain the online safety of its residents? Here are three ways the UK can stay one step ahead when it comes to cyber security.
Approach
They say that prevention is the best cure, and according to the NCSC’s third annual review, the United Kingdom is taking an increasingly proactive and comprehensive approach to protecting organisations and users. The report describes the British cybersecurity strategy as revolving around the government’s ability to constantly share threat indicators with organisations as “active defence”.
In the past year, the Centre has worked in partnership with law enforcement to increase cyber awareness and training sessions to more than 2,700 charities and enabled nearly 3,000 SMEs to do simulated cyber exercises for themselves.
The review also highlighted the importance of the Active Cyber Defence (ACD) programme, which has helped 98% of malicious phishing URLs to be taken down, 62pc inside the first hour of them being in existence. Detecting signs of attack early and acting quickly is crucial for the UK to remain on the front foot.
Look to automation
The UK is already deploying automation in some areas to improve its cyber threat intelligence and information sharing capabilities, with great success. Operation Haulster, for example, automates the flagging of credit card fraud in the UK. The operation automatically flagged fraud on over one million stolen credit cards last year alone.
As a result, the NCSC’s Incident Management Team can now provide technical advice and guidance and co-ordinate any cross-government response in order to detect and stop threats in their tracks in a matter of seconds, as opposed to a matter of hours. This new level of automation also gives the team greater visibility into where threats are coming from and who they may be targeting. For example, for the first time ever this year, the NCSC was able to report on which specific sectors needed the most support.
To maintain higher levels of online security, automation technology needs to be widely replicated across sectors to speed up detection and put a stop to threats early, before they become a problem.
Risk by sector
When it comes to evaluating cyber security risk by sector, it seems that some are more at risk than others. The Annual Review 2019 – National Cyber Security Centre found, for example, that many of the UK’s 180,000 charities had experienced a wide range of cyber-attacks from companywide breaches to individual hacks. In fact, one charity lost £13,000 after its CEO’s email account was hacked and a fraudulent message was sent to the financial manager with instructions to release the funds.
In response, the NCSC developed an educational programme designed to put the charity sector in a stronger position when it comes to cyber security. It features a series of simple steps to protect organisations from attack and protect reputation, funds and data from falling into the wrong hands.
It’s not only the charity sector that comes under scrutiny from cyber-attacks. In partnership with the education sector, the NCSC has produced the first dedicated piece of research on cyber security in schools. It spoke to more than 430 schools across the UK, with 92% stating that they would welcome more cyber security training for teachers and other staff. In response, the NCSC is developing a dedicated training package for schools.
Tailoring cyber security risk assessment and strategy to specific sectors is essential for the UK to future-proof its online security.
The NCSC is doing a highly commendable job across numerous sectors in countering the increasing cyber threat posed by bad actors. Not only by putting in preventative measures, but also by educating the younger generation in the hope that they’re able to stay one step ahead.
However, hackers are some of the most innovative criminals in the world, continuing to develop more sophisticated ways to steal data from unsuspecting victims. It is not only up to the Government, but also up to organisations and consumers themselves to be warier of the threats facing them to stay on the front foot and tackle issues at the source. Tightening the reins across both business and domestic online networks will help to strengthen the UK’s security when it comes to cyber-attacks.
