NCSC’s Annual Report – What You Need To Know
Following the National Cyber Security Centre’s latest annual report, we review the outputs and highlight areas both business and security leaders need to be mindful of in their resilience planning.
Ransomware remains one of the greatest threats to the UK. In the past year, almost 300 ransomware activities were reported to the NCSC. The most prominent sectors reporting these into NCSC were Academia, Manufacturing, IT, Finance and Engineering.
The proliferation of cyber threats based on commercially available cyber tools and services make attacks easier for threat actors to undertake than before. Work is being done across many governments to ensure cyber tooling is developed and distributed in a legal and responsible manner.
Cyber fraud remains a key threat to businesses and members of the public. In 2021, more than 80% of all reported UK fraud was cyber-enabled, but only 32% of UK citizens thought they were likely to become a victim.
AI, unsurprisingly, continues to be a key weapon in the planning and delivery of attacks. Currently, it is more likely to amplify existing threats rather than create new ones, but this is likely to change as its capability continues to accelerate.
There has been an overall increase in number of reported attacks to the NCSC. 2005 reports received in total – a 64%increase on the previous year with 371 escalated to their Incident Management team, 62 recognised as nationally significant and four categorised as the most significant. The NCSC issued 24.48 million notifications, informing organisations that they were experiencing a cyber incident, through its automated Early Warning service. Any organisation can register for these alerts for free via the NCSC.
UK business continues to recognise the value and importance of the Cyber Essentials scheme, both operationally and commercially, with a 21% and 55% increase in Basic and Plus certificates awarded respectively. Cyber Essentials certification is, very often, the first step a business takes in beginning to develop its cyber resilience. There has also been an increase in the number of available certification bodies across the UK. Interestingly, there has been an 80% reduction in insurance claims from those with Cyber Essentials in place, inferring that taking even this initial step to dealing with cyber risk is adding value within businesses.
Over 2,700 organisations are now using Mail Check which helps public and third sector bodies assess and improve email security compliance to prevent criminals spoofing email domains. Over 10 million reports were received into its Suspicious Email Reporting Service during the review period and 261,000 scam URLS have been removed since the inception of this service in 2020.
In conclusion, the key areas of concern remain unchanged, with the use of AI and emerging technologies making attacks easier for hackers. Those who do not adopt basic controls or lack a plan for when they are attacked, remain the most at risk operationally, financially and reputationally.
There are many free or easily affordable schemes and tools available to help you protect your business and family. Where to start is always the challenge, so if you want to understand how all this applies to you and how to pragmatically safeguard your interests, be they business or personal, reach out to Amicis Group at hello@amicisgroup.co.uk or click here for a conversation.
The full report by the NCSC, can be downloaded here