The State of Security in the UK: Lessons from the NCSC Report


The National Cyber Security Centre (NCSC) recently released its fifth annual review of the state of cybersecurity in the United Kingdom. The report is presented under five headings including an analysis of and response “The Threat,” advice for resilience, advances in threat detection and prevention technology, improving the cybersecurity ecosystem, and global leadership.

The overarching message of the report is to provide safety for all online activities of all UK citizens. This is achieved through a transparent approach. As stated by Lindy Cameron, CEO of the NCSC, “A big part of the NCSC’s mission involves sharing and collaborating with organizations and the public.”

What’s in the NCSC Report?

Whilst the first section is innocuously titled “The Threat,” it not only identifies the observed threats of the prior year, but it also reveals the methods used to detect and deter them. As anticipated, ransomware remained a top concern, with those events having tripled compared to 2019. The COVID-19 crisis also factored into the threat landscape. The newest threat, introduced on a large scale, was that of the supply chain attacks, as evidenced in the SolarWinds attack. In April, the NCSC assessed that Russia’s Foreign Intelligence Service (SVR) was highly likely to have been responsible for the attack.

Attacks such as the SolarWinds event have real-world impacts. According to the report, goods and services were directly affected. In fact, “Due to the interconnected nature of cyberspace most major attacks carried out overseas caused an impact in the UK.” The NCSC responded in the Solar Winds attack by identifying affected organizations and sectors, which further aided the investigation, providing technical advice and support. Ultimately, a technical advisory with mitigation advice was issued by the NCSC in partnership with four other agencies.

It brings comfort to know that an entire consortium of governmental agencies are working together on a global scale. Part of the NCSC initiative includes the Active Cyber Defence (ACD) program, which provides free tools and services to combat attacks. However, organizations can and should augment these free offerings by proactively instituting measures to protect against ransomware attacks with products such as vulnerability managementfile integrity monitoring, log management and security configuration management. 

The NCSC report states that resilience was one of its most important priorities, and it acted assertively to deter and disrupt hostile actors. One of the best ways to embrace resilience is through early warning, giving an organization the ability to prepare a response to new threats. The NCSC approached the task by issuing alerts throughout the year. As part of ACD, the report states:

“The ACD programme’s core services include Mail Check, Web Check,
Protective DNS, Exercise in a Box, the Suspicious Email Reporting Service,
and the Takedown Service.”

Each of these services noted an increase in engagement. The Suspicious Email Reporting Service, established in 2020, is starting to realize its value. More than five million suspicious emails were submitted to the reporting service. The report emphasizes the service in the opening pages, giving more gravity to its worth. If a person goes no further than the opening remarks, not only will they have viewed this offering towards combating suspicious emails, but they would have also learned where to report a suspicious website as well as how to report any suspicious text messages.

The Takedown Service was incredibly productive, removing a total of 2.3 million cyber-enabled campaigns of various types. Part of this success is also attributable to the fact that more organizations are participating in the efforts of the NCSC initiatives. Adaptive threat intelligence can mean the difference between proactive and reactive defense. Tripwire Threat Intelligence can enhance any publicly provided information to give an organization an extra edge towards full resiliency.

NCSC & Critical National Infrastructure

The NCSC focuses beyond earthly cybersecurity endeavors. As part of protecting Critical National Infrastructure (CNI) the NCSC advised the UK Space Agency on topics ranging from launch facility security to training and security exercises. Along those lofty goals, the medical profession was also aided by the expert advice of the NCSC. Each area of CNI has had some involvement with the NCSC towards living up to the mission of making the UK safer for all citizens online.

Along with the thrust towards protecting CNI, the NCSC has also taken broad steps to educate existing organizations and has implemented brilliant outreach to train future technologists in cybersecurity best practices. Conferences such as CyberUK set the stage for bringing security to a wide audience by including members of government, national security, industry, and academia. The CyberFirst program, which is offered for those as young as 10-years old all the way through the university level, is intended to inspire and encourage students from all backgrounds to consider a career in cybersecurity.

The UK continues the transition away from the Public Service Network (PSN), and towards that end, it is heavily promoting the Cyber Essentials program. Over 75,000 certifications have been issued since its inception, with more than 24,000 issued last year. Cyber Essentials certificates are granted to businesses that demonstrate adherence to the five basic technical controls outlined in the standard. Organizations that undergo a hands-on technical verification are granted the Cyber Essentials Plus certification. 

The NCSC is not an isolated entity. As part of its recognition of the global impact of cyber threats, it maintains a presence, capabilities, and partnerships with international organizations in both government and non-government areas. In this way, the NCSC sustains as a paragon of global cybersecurity leadership.

The NCSC report is detailed, and the information contained therein is helpful for any organization that is either just embarking on securing its online assets or for those organizations that are seeking to improve their cybersecurity posture.

Of course, a project of such a broad magnitude would best achieve their goals by working with a partner with proven experience in cybersecurity. Tripwire is here to help. For more information, contact us to see how we can assist you to reach your security goals.



Source link