National Cyber Security Centre (NCSC) annual review 2022: Highlights and thoughts

Image

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK.

One of the most important roles of the NCSC is to identify, monitor, and analyse key cybersecurity threats, risks, and vulnerabilities. This information is shared not only with government organisations, but also private enterprises, and other bodies, thereby improving the overall cyber-preparedness for all.

The Right Honourable Oliver Dowden CBE MP, Chancellor of the Duchy of Lancaster, said that “new data shows the UK is the third most targeted country for cyber-attacks, behind only the USA and Ukraine. The NCSC plays an essential role in meeting this threat and making the UK the safest place to live and work online. It has also worked with government, industry and the public to bolster the UK’s cyber resilience.”

The report’s opening assessment makes for sober reading, stating that “Over the past year, the cybersecurity threat to the UK has evolved significantly.” The threat from ransomware was ever present – and remains a major challenge to businesses and public services in the UK. This year, eighteen ransomware incidents required a nationally coordinated response, including attacks on a supplier to NHS 111 (the online and telephone urgent healthcare support line), and a water utility company, South Staffordshire Water.

The most significant threat facing citizens and small businesses continued to be from cyber-crime, such as phishing, while attacks against social media accounts remained an issue as well. Official figures revealed there were 2.7 million cyber-related frauds in the 12 months to March 2022 in the UK.

However, what is encouraging is what they said they did about these threats, “In response to these notable threats the NCSC stepped up its automated notification service Early Warning, which was launched in May 2021. By the end of August 2022 34 million alerts were sent to its 7,500 and growing members to inform them of potential threats, risks, vulnerabilities, or open ports in their networks.”

The statistics speak for themselves, and continue, “2.1 million cyber-enabled commodity campaigns removed, Expansion of counter-ransomware services, 6.5 million suspicious email reports received, and 62,000 scam URLs removed, 34 million Early Warning alerts about attacks, compromises, vulnerabilities or open ports, bolstered UK resilience by 90% increase in signups to Early Warning service.”

However, the NCSC isn’t all about the threat landscape. It helps lead technical innovation, and it reports, “A year of innovation and capability-building.” Amongst the projects, initiatives, new legislation, and regulation it has supported, some of the projects include, “a tool to discover new mobile network vulnerabilities and improve security for users. The launch of Product Security and Telecommunications Infrastructure Bill to strengthen cybersecurity for consumer devices and accountability of manufacturers. Guidance to help small businesses better understand technology risks such as ‘Bringing Your Own Device’ approaches and best practice for backing up data. Notifying Google of fifteen suspicious applications, that could have undermined users’ security, resulting in the majority being taken down, amongst many other activities.”

A third role highlighted this year is the NCSC’s key part in strengthening the UK’s thriving cybersecurity ecosystem, which is now worth more than £10 billion to the economy, employing nearly 53,000 people across 1,800 businesses. It works with the Department for Digital, Culture, Media and Sport (DCMS), who have overall responsibility for cybersecurity, the UK Cyber Security Council (UKCSC), and other partners, to create an ecosystem that is self-sustaining and continues to be an essential part of the country’s national security and economic interests. Its approach is, “From nurturing young talent, to creating further education opportunities, to supporting cyber start-ups, to testing and certifying standards, to creating more diversity, to driving growth and innovation, to sharing best practice with the industry, the NCSC is making a positive difference across the ecosystem.”

Sir Jeremy Fleming, Director GCHQ. said, “The global shifts we are witnessing will take decades to settle. Whilst I can’t predict how things will turn out, I can confidently say that cyber and cybersecurity will continue to be pivotal to our nation’s success. We are committed – in the NCSC and across the rest of GCHQ – to working tirelessly to ensure the country’s cybersecurity will be equal to the challenges of tomorrow.”

Lindy Cameron, CEO of the NCSC, summed up the report when she said, “This Annual Review is as much about what lies ahead as it is about the current challenges. We highlight the threats on the horizon, including the growing commercial availability of malicious and disruptive cyber tools and the risk of those falling into the wrong hands. This contrasts with the positive technological insight that NCSC experts provide in support of the UK’s values-driven approach to developing future technologies and the principles that underpin them. This work makes a global contribution and reflects the NCSC’s efforts to innovate and build capability to ensure that the technology on which our economy and society depend is secure, resilient, and reliable.”

While there is an abundance of news about breaches throughout the world, overall, the report offers high optimism towards realizing a safer internet for all UK citizens. If you want to do your part to contribute to their knowledge-base, visit the NSCS incident reporting page.