What the NSCS reveals in its annual review.
Over the last 12 months, the National Cyber Security Centre (NCSC) has defended British organisations against over 300 state-backed cyber-attacks. The agency recently published the annual review outlining the scale of the cyber threat. It was revealed that in the last year, the agency handled 658 significant cyber incidents, with over half of them performed by nation-states.
The NCSC’s annual review shows that only four countries account for the majority of the state attacks in Western nations. These are North Korea, Russia, Iran and China, which have spent the last few years developing sophisticated cyberweapons.
While money motivates most of the North Korean attacks, China focuses on corporate espionage and intellectual property theft. Meanwhile, attacks from Russia and Iran tend to focus on critical national infrastructure.
The review also shows – for the first time – in which sectors of the economy the state spends more time defending. Government sits at the top of the list, followed by academia, IT, managed service providers, transport and health.
Government agencies are an obvious target for attackers. However, hostile nations and cybercriminals target universities, the IT and managed service providers, which in turn, maintain the corporate networks.
The review goes on to reveal the NCSC work to remove any fraudulent websites. Known as the “Active Cyber Defence” programme, the initiative has so far taken down 177,335 phishing web addresses. NCSC claims to have dismantled 66 per cent of these sites within half an hour.
Operation Haulster, another initiative, aims to protect individuals from credit card fraud. So far, it has flagged up efforts to defraud more than one million stolen credit cards.
However, when speaking at the launch of the review in London, the head of NCSC, Ciaran Martin, claimed that “too many basic attacks” are still thriving.
“There are too many incidents causing too much harm,” Martin warned. “We do need to get those basics rights but also need to look at what challenges are ahead. There are some real opportunities here to get ahead of the problem. We need to focus as a national organisation most on what matters to the UK.”
A key area of the NCSC’s work is protecting democratic systems. Every three months, the agency’s officials are in contact with various politicians across the spectrum. Martin said: “As talk of an election grows ever louder, we are ready in this building to work with the political parties, local government, the media and wider society to protect that most valuable of national commodities, our free and fair democratic system.”
Towards the end of his speech, Martin predicted that the rise of subscription services would bring in better security. “We’re moving away from an internet economy where people give away large amounts of personal data for free […] which isn’t very good for security, to a model where more and more people are paying for products and services. This allows us to introduce objective standards that consumers and businesses can judge when buying those products and services.”
For our Enterprise Security and Risk Management Conference, as we discuss how we live in a world continuously changing at a rate not previously seen under any historical period. Managing risk, preparing for disaster, imagining previously unseen contexts and measuring your risk appetite are all a part of an enterprise’s duty as a global actor.