The National Cyber Security Centre has announced that between 1st September 2018 and 31st August this year, it took down 177,335 phishing websites, handled 658 cyber security incidents, and awarded nearly 15,000 Cyber Essentials certificates to businesses that followed recommended cyber security practices.
In its third such annual review since its inception in 2015 with the objective of making the UK the safest place for doing business online, NCSC said that it has so far taken several steps to ensure citizens and businesses are protected from online threats.
These steps include bringing in 'Secure by Design' that requires manufacturers to introduce cyber security in their connected products during the design stage, exposing cyber attacks launched by Russian military intelligence on political institutions, business, media, and sporting interests, and sharing the UK’s specialist knowledge across borders to help strengthen global cyber defences and shape global attitudes to deterring and tackling cyber crime.
NCSC has also rolled out the 'Web Check' service to all gov.uk domains. The service scans all digital properties such as websites and applications for security issues and highlights vulnerabilities to respective government organisations. Web Check is presently being used by over 400 local authorities across the UK.
NCSC also highlighted that its DMARC (Domain-based Message Authentication, Reporting and Conformance) technology, which was introduced along with Web Check and Public Sector DNS in 2017, has received widespread adoption in recent days even though the initial rate of adoption was low.
DMARC helps authenticate an organisation’s communications as genuine by blocking malicious or fraudulent emails that spoof email addresses operated by government departments. According to NCSC, the number of public sector domains protected by DMARC rose from just 412 in December 2017 to 1,940 in September this year.
NCSC played a role in mitigating vulnerabilities in Magento's e-commerce platform
NCSC also announced that it has introduced BGB Spotlight, a detection and analysis system for BGB (Border Gateway Protocol) that alerts the UK’s mobile carriers when BGP misuse occurs, thereby helping the latter prevent significant disruption of the Internet. BGB Spotlight processes 25 million messages per hour from over 200 sources, converting these into 800,000 daily events across 240,000 unique destinations.
NCSC's Active Cyber Defence programme slowly bearing fruit
Through the use of Web Check, Mail Check, Protective DNS, and Takedown Service, NCSC has helped reduce the UK's share of global phishing incidents from 5.31% in June 2016 to a little over 2% in June this year. In the global ranking of the most-phished brands, HMRC has come down from 16th in 2016 to 126th this year. All these cyber defence services are part of NCSC's Active Cyber Defence programme.
Over 460 organisations across the UK are now using Protective DNS and the service blocks around
20,000 unique domains at a rate of 6.5 million times per month. Similarly, the Takedown Service has helped NCSC take down 98% of phishing websites that were found to be malicious and these total 177,335 phishing websites.
The cyber security watchgod has also introduced "Exercise in a Box", a free online tool which allows organisations to find out how resilient they are to a cyber attack, and to evaluate their readiness to respond. Even though the tool was initially developed for SMEs, local government and emergency services, it has been used widely by larger private sector organisations as well.
NCSC also introduced an educational programme to help charities across the UK learn ways then can protect themselves from cyber attacks and save reputation, funds and data from falling into the hands of criminals.
"The latest report from NCSC highlights that cybercrime is a growing problem for businesses and consumers, but that the government is taking steps to make it more challenging for cyberattacks to be successful," said Robert Ramsden-Board, VP of EMEA at Securonix.
"However, the attacks documented are only a fraction of what consumers and businesses are actually facing today. The reality is businesses and consumers are subject to hundreds of attacks every year and should always be on guard for hacking attempts. Research has shown time and time again that humans are the weakest link in cybersecurity so more education around cybercrime for consumers and businesses is essential," he added.
More information on Cyber Essentials is available on https://www.cyberessentialsonline.co.uk/.