The report reveals that, in the 12-month period to 31 August 2019, the NCSC dealt with 658 cyber incidents. The running total since the organisation was founded three years ago stands at about 1,800 – indicating that, in volume at least, the cyberthreat landscape remains fairly consistent.
Speaking at an event held this morning at NCSC headquarters to launch the report, Martin said that the document constitutes “a three-year record of strong, practical success”.
658 cyber incidents dealt with by the NCSC in the past year, 900 victims of cyberattacks that received NCSC support. With three sectors that required the most incident-management support which are the Government, academia, and IT.
A staggering 177,335 malicious phishing URLs taken down during the year – equating to 98% of the total that were discovered.
Examples of the impact of the NCSC cited by Martin include “stopping more than one million credit cards from being used by cybercriminals”, and the recent collaboration with the NSA in the US to expose the activities of Russian hacking group Turla, which had been masking its attacks by posing as a similar Iranian group.
But the NCSC chief said that such successes are only “part one” of the story of the agency’s activities over the past year. The second part of the tale is the familiar challenges it continues to face.
“Some attackers are still doing the same things over and over again, and too often they are getting through,” Martin said. “There are things you and I can do – and that organisational leaders can do – to get ahead of the problem. All of us can use sensible, practical measures – [such as] two-factor authentication and back-ups. All organisations can scan for vulnerabilities, and have strategies to counter phishing attacks. Do that, and so much of the problem goes away, and we can focus on the big problems of the future.”
During the last year, the NCSC supported almost 900 organisations that had fallen victim to cyberattack. For the first time, the agency has revealed which sectors required the most support over the year.
Government needed by far the most attention from NCSC incident-management professionals, with academia second on the list, followed by IT companies and managed services providers. The transport and health sectors were in joint fifth place.
The NCSC need to be keep fighting as best as they can against these ever present threats.