Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management
NCSC Investigated 658 Serious Cybersecurity IncidentsUK Incident Responders Supported 900 Victim Organizations in 12-Month Period
The British government's national computer emergency response team investigated 658 serious cybersecurity incidents and supported nearly 900 victim organizations in the 12-month period ending in August.
See Also: Assessing Cyber Risk for the Defense Industrial Base
For the majority of the incidents investigated by the U.K. National Cyber Security Center, part of intelligence agency GCHQ, the center was the first to alert organizations that they had fallen victim to an online attack.
During the same 12-month time period, NCSC scuttled 177,000 phishing URLs, two-thirds of which were eliminated less than 24 hours after they first appeared.
Those are some of the highlights contained in the NCSC's third annual review, released on Wednesday at a press conference at the organization's headquarters in London.
Ciaran Martin, chief executive of NCSC, told reporters that the report is the "most substantive and substantial" to be issued by the organization since it launched in 2016 (see: UK Stands Up GCHQ National Cyber Security Center in London).
"First, this is a three-year record of strong, practical success, whether that's stopping more than 1 million credit cards being used fraudulently by criminals, whether that's exposing dangerous Russian groups attacking our partners across the globe pretending to be Iranians, or whether it's automatically protecting government networks by checking billions of connections every month and blocking more than 10 million suspect connections, or whether it's working with thousands of charities and small businesses directly," Martin said.
"We are delivering for the U.K. But there's a part two. Some attackers are still doing the same things over and over again, and too often they're getting through. But there are things that you and I can do as individuals, and that organizational leaders can do to get ahead of the problem."
Martin added: "All of us can use sensible, practical measures like better passwords, two-factor authentication and backups, and more organizations can scan for vulnerabilities and fix them and have strategies to counter phishing attacks. Do that and so much of the problem goes away and we can focus on the big challenges of the future." (See: Party Like Every Day Is World Password Day).
As the world has continued to become ever more internet-connected, and online attacks have surged, NCSC has continued to see increased demand for its expertise and support, said Oliver Dowden, a Conservative MP who since July has served as the government's paymaster general and minister for the cabinet office.
"The common theme of the NCSC’s work, whether it’s protecting critical national infrastructure or strengthening the security of the internet of things, is that it is rooted in cyber’s increasing relevance to people’s day-to-day lives," he said at the press conference. "And it’s precisely because cyberattacks affect everyone and the things that we value that we all need to play a critical role in protecting them."
Dowden said part of the NCSC's mission, as part of the nation's intelligence establishment, continues to be to take the fight to foreign adversaries (see: Intelligence Agencies Seek Fast Cyber Threat Dissemination).
"In October 2018, that meant exposing Russian military attacks on political institutions and business, media and sporting interests - the World Anti-Doping Agency in Lausanne was a target," Dowden said. "This week, it exposed how suspected Russian-based cyber hackers had piggybacked on the illegal operations and methods of a group of Iranian-led hackers, targeting 35 countries." (See: Russian Hackers Coopted Iranian APT Group's Infrastructure).
Officials say that outing nation-state attackers makes it costlier for those governments to conduct online espionage options.
But the volume of attacks continues to increase and organizations continue to fall victim. "Over a third of U.K. businesses suffered a cyber breach or attack in 2018," Dowden said.
Critical Infrastructure Security
The government is pursuing measures to improve cybersecurity, including across the critical infrastructure.
NCSC's Active Defense Program, for example, helps identify malicious websites and notify owners to take them down; it also scans public security organizations' emails to combat phishing attacks.
The NCSC Cyber Accelerator, funded by the government's Department for Digital, Culture, Media and Sport, encourages and supports British cybersecurity startup businesses.
DCMS and the NCSC have also worked together on the Secure by Design program, meant to strengthen the security of IoT devices by giving manufacturers a code of practice for building internet-connected devices (see: War Declared on Default Passwords).
New Cybersecurity Regulations Forthcoming
The government has also signaled its intention to create new cybersecurity regulations governing the nation's telecommunications infrastructure, following a DCMS-led supply chain review of the sector (see Huawei's Role in 5G Networks: A Matter of Trust).
"The review’s major conclusion that the government will pursue a robust new security framework for telecoms, will be supported by the NCSC’s current risk-mitigation model, which will be adapted as necessary as telecoms networks evolve towards 5G and full-fiber coverage," according to the NCSC's third annual review. "This new framework will be placed on a statutory footing once government legislates to strengthen the enforcement powers of the telecoms regulator, Ofcom, and to provide new national security powers for government to respond to supply chain risks in the future."
Speaking at the press conference, Susannah Storey, who since last month has served as director general for digital and media policy in the U.K. Department for Digital, Culture, Media and Sport, signaled that more cybersecurity regulations may be forthcoming.
"Government regulation and creation of further incentives to promote industry action will have a role to play, and DCMS has begun a review of the landscape, with the aim of identifying what further government interventions will be required to ensure that good cybersecurity practices are normalized right across the economy," she said. "We also need to consider what more government can do to remove as much of the burden of security for businesses and individuals, mitigating the risk before it affects victims, whenever possible."