‘Cyberattackers are doing the same things over and over – and too often getting through’
National Cyber Security Centre chief celebrates achievements of past year but stresses work still to be done
Credit: Stefan Rousseau/PA Archive/PA Images
As the National Cyber Security Centre publishes its third annual report, its chief executive Ciaran Martin has expressed pride in the organisation’s achievements to date but stressed how much work remains to be done to inculcate basic security measures.
Published today, the report reveals that, in the 12-month period to 31 August 2019, the NCSC dealt with 658 cyber incidents. The running total since the organisation was founded three years ago stands at about 1,800 – indicating that, in volume at least, the cyberthreat landscape remains fairly consistent.
Speaking at an event held this morning at NCSC headquarters to launch the report, Martin (pictured above) said that the document constitutes “a three-year record of strong, practical success”.
Number of cyber incidents dealt with by the NCSC in the past year
Number of victims of cyberattacks that received NCSC support
Government, academia, and IT
The three sectors that required the most incident-management support
Number of malicious phishing URLs taken down during the year – equating to 98% of the total that were discovered
Examples of the impact of the NCSC cited by Martin include “stopping more than one million credit cards from being used by cybercriminals”, and the recent collaboration with the US National Security Agency to expose the activities of Russian hacking group Turla, which had been masking its attacks by posing as a similar Iranian group.
But the NCSC chief said that such successes are only “part one” of the story of the agency’s activities over the past year. The second part of the tale is the familiar challenges it continues to face.
“Some attackers are still doing the same things over and over again, and too often they are getting through,” Martin said. “There are things you and I can do – and that organisational leaders can do – to get ahead of the problem. All of us can use sensible, practical measures – [such as] two-factor authentication and back-ups. All organisations can scan for vulnerabilities, and have strategies to counter phishing attacks. Do that, and so much of the problem goes away, and we can focus on the big problems of the future.”
During the last year, the NCSC supported almost 900 organisations that had fallen victim to cyberattack. For the first time, the agency has revealed which sectors required the most support over the year.
Government needed by far the most attention from NCSC incident-management professionals, with academia second on the list, followed by IT companies and managed services providers. The transport and health sectors were in joint fifth place.
Consultation launched seeking feedback on risks and mitigations for systems that now underpin a wide range of ‘essential services’
New measures prohibit supply of any tech used for ‘internal repression’
Parliamentary committee writes to department urging greater openness
Public spending watchdog points to issues with controls on fraud and error