The NCSC points to what the arm of GCHQ calls a sustained threat from hostile state actors and cyber criminals in its second Annual Review.
Since it became fully operational in 2016, the National Cyber Security Centre has helped to support with 1,167 cyber incidents – including 557 in the last 12 months. The report says most of those attacks against the UK are carried out by hostile nation states.
The Annual Review details the tactics used by the NCSC’s Incident Management team. A podcast, “Behind the scenes of an incident”, features interviews with staff who defend the UK from cyber attacks.
David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: “As the minister with responsibility for overseeing the implementation of the National Cyber Security Strategy, I am proud of what NCSC has achieved in just two years of operations. Our National Cyber Security Strategy set out ambitious proposals for how this Government will defend our people, deter our adversaries and develop UK capabilities to ensure we remains the safest place to live and do business online.
“NCSC has more than risen to this challenge, defending the UK from over 1,100 cyber attacks and reducing the UK’s share of global phishing attacks by more than half.”
The NCSC says that it takes a proactive approach to securing the UK’s online defences. Its Active Cyber Defence (ACD) initiative aims to protect the UK from high-volume commodity attacks. The ACD has reduced the UK’s share of visible global phishing attacks by more than half; from 5.3pc to 2.4pc. Between September 2017 and August 2018, the service has removed 138,398 phishing sites hosted in the UK.
Ciaran Martin, NCSC Chief Executive, said: “I’m extremely proud that the NCSC is strengthening the UK’s defences against those who seek to harm us online. We are calling out unacceptable behaviour by hostile states and giving our businesses the specific information they need to defend themselves. We are improving our critical systems. We are helping to make using the Internet automatically safer.
“As we move into our third year, a major focus of our work will be providing every citizen with the tools they need to keep them safe online. I’m confident that the NCSC will continue to provide the best line of defence in the world to help the UK thrive in the digital age.”
To download the review visit https://www.ncsc.gov.uk/news/annual-review-2018.
Comments
Etienne Greeff, CTO and co-founder of cybersecurity consultancy, SecureData said: “To create a safer environment online, collaboration between government and industry is crucial. As the report suggests, it would be completely unrealistic to believe that cybercrime can be entirely stopped. However, collaboration would make it that much harder for cyber criminals to operate successfully. The cyber fight is similar to Dad’s Army: we all have a role to play, even if we aren’t on the front line. Everyone is responsible for defending themselves and those around them, reporting suspicious activity and being vigilant at all times.”
Rodney Joffe, SVP and Fellow, Neustar and Chairman of Neustar International Security Council (NISC), said: “Unfortunately, the NCSC’s annual review confirms what we already know – cyber threats to the UK’s critical infrastructure are rapidly increasing, and malicious actors will stop at nothing to cause mass disruption. Various nation states, including Russia, have been surveying and prepositioning themselves throughout the globe for some time, but unlike before, their increased abilities coupled with their intent has given them the unique opportunity to reach unmatched levels in recent times.
“Today’s cyber criminals are armed with sophisticated tools, which has given them the ability to infiltrate websites using sly tactics. They no longer hesitate to hit organisations with multi-vector attacks using DDoS to plant ransomware or steal classified information, and they are more than willing to trick users through spear phishing and social engineering. To evade being hit, organisations must ensure they are fully protected and that they have robust security protocols in place to protect citizens’ data.
“It will become more important than ever that the UK’s key sectors such as energy, healthcare, telecoms and defence pay close attention to the supply chain. Even organisations with the most robust cyber defences are at the mercy of the vendor that manufactured the hardware or software they rely on day-to-day, and deliberately planted vulnerabilities can lead to damaging cyberattacks and large scale data breaches.”
