The UK’s National Cyber Security Centre (NCSC) has helped stop 658 attacks against UK organisations in 2019 – stark evidence that businesses need to be forever vigilant to defend against a persistent threat from cyber space.
According to its third annual review, the NCSC has prevented 1,800 attacks since its inception in 2016.
It’s also taken down 177,335 phishing URLs. More than 60 per cent were removed within 24 hours and this year it thwarted more than one million cases of suspected card fraud by identifying payment cards which were being targeted by online fraudsters.
Many of the malicious techniques are supported by so-called ‘state actors’ – such as Russia. Indeed, one of the NCSC’s major projects this year has been to support the UK and Dutch governments’ efforts to expose Russia’s military intelligence agency, which was carrying out attacks on political institutions, businesses, the media and sporting organisations.
A key component of the NCSC’s strategy for reducing attacks has been its Active Cyber Defence (ACD) programme which encourages the public sector to take more responsibility for cyber security.
It’s a non-regulatory approach delivered in partnership with businesses and with central and local government and offers a range of tools including email security compliance, which processes and analyses data from Domain Message Authentication Reports and Web Check, a free website configuration and vulnerability scanning service.
Three years ago, HMRC was the 16th most targeted organisation in the world for phishing scams but by September 2019, due to the ACD programme and the revenue and customs office’s own countermeasures, its ranking had dropped to 126th.
Gary Jowett, from Computer & Network Consultants in Brighton, says: “The NCSC’s having a big impact by taking positive steps to reduce cyber threats but it’s important businesses don’t get complacent because, ultimately, it’s every company’s responsibility to take care of their own security.
“By attaining Cyber Essentials certification there’s an ongoing incentive to maintain high standards. It should be renewed annually, so there’s always an opportunity to take a fresh look at security and make improvements. Having certification could also attract new customers by demonstrating that your business has a clear picture of its cyber security capabilities.”