The UK’s National Cyber Security Centre (NCSC) celebrates its first anniversary this month.
Set up last October as part of Government Communications Headquarters (GCHQ) it acknowledges it has much work to do but said that in its first 12 months it has “prevented thousands of attacks… and has managed the UK's response to hundreds of incidents.”
- In its first year NCSC says it responded to 590 ‘significant’ attacks including those on the NHS and the UK and Scottish parliaments as well as attacks on large and small businesses
- It claims that tens of thousands of suspicious communications are now blocked every month
- It also says that thanks to a cyber defence programme it has been able to reduce the average time a phishing site is hosted in the UK from 27 hours to under a hour
NCSC breaks down cyber threats into three main categories which if you’re a regular reader of this blog will already be familiar with:
This ranges from low-level scallywags who launch malware attacks or attempt to fool people with poorly constructed phishing campaigns to sophisticated ransomware and malware campaigns put together by organised crime networks and enabled by those who create malicious code.
NCSC states that there are nation states who seek to exploit UK organisations such as stealing intellectual property and carrying out espionage. It adds that these campaigns can take place over several years and that also nation states are beginning to explore how cyber operations can support a disruptive and destructive strategy.
This is slightly disingenuous given that this type of activity has been taken place for years whether it’s Israel, Russia, North Korea or something called the Five Eyes Alliance, an intelligence operation comprising Australia, Canada, New Zealand the UK and the US.
This is a coverall category that includes hacktivists who try to make political points, for instance, by taking down websites, or hackers who take businesses down simply to flex their coding muscles and in a sense show off. It also includes low level hackers who use tools available online to cause mischief.
No system in the world is completely secure
The NCSC states quite rightly it’s not possible to stop every cyber-attack, which reveals just who widespread and far ranging cyber deviancy is, as well as our almost complete dependence on digital networks.
- As such the report tends to focus on milestones the NCSC has achieved since its beginnings a mere 12 months ago.
- The site is largely focused on businesses but that said it does offer some useful tips.
And finally, in what hopefully is the shape of things to come the NCSC proudly says it:
- Helped nurture the next generation of cyber experts by hosting more than 1,000 young people on CyberFirst courses and inspired 8,000 young girls to enter the NCSC CyberFirst competition