A paper written by Dr Ian Levy, Technical Director of the National Cyber Security Centre (NCSC) and entitled “Active Cyber Defence – One Year On”, confirms that cyber remains a top threat to the UK’s economic and national security.
As a result, in November 2016, the Chancellor of the Exchequer launched the UK’s new five year National Cyber Security Strategy, aimed at defending UK citizens, deterring adversaries and developing skills and capabilities, with a vision that “by 2021 the UK will be secure and resilient to cyber threats, prosperous and confident in the digital world”.
One year on, the launch of government’s NCSC Active Cyber Defence (ACD) programme appears to be paying dividends. According to the report, the NCSC detected and prevented approximately 54 million online commodity attacks, or hacks, against UK organisations last year.
Other key findings amongst the comprehensive analysis show that since the ACD was introduced:
– UK share of visible global phishing attacks dropped from 5.3 per cent (June 2016) to 3.1 per cent (Nov 2017)
– removed 121,479 phishing sites hosted in the UK – and 18,067 worldwide spoofing UK government
– takedown availability times for sites spoofing government brands down from 42 hours to 10 hours
– a dramatic drop of scam emails from bogus ‘@gov.uk’ accounts (total of 515,658 rejected in year)
– average 4.5 million malicious emails per month blocked from reaching users (peak 30.3m in June 2017)
– more than 1 million security scans and 7 million security tests carried out on public sector websites
Dr Ian Levy comments: “Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states.
“The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks.”
He adds: “The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.”
The report shows that HM Revenue & Customs took top spot amongst the 10 most spoofed government brands in the year, with 16,064 fake websites having been taken down. Also in the list are the DVLA, the Student Loans Company and the Crown Prosecution Service.
Cybersecurity is not however only for larger businesses and public organisations. SMEs are in fact some of the most vulnerable targets for cybercrime, and therefore this topic should be at the forefront of all business leaders’ minds.
Read a copy of our briefing note entitled ‘Is your business protected against cyber threats?’ for some points to help SMEs safeguard against cybercrime and be prepared.
IT security is a collective responsibility and it is essential that SMEs take the necessary steps to protect against cyber attacks.