Spurred by both government and private efforts, the UK has seen a renewed and determined focus on cyber security issues this year. Much of this can be attributed to the new National Cyber Security Centre (NCSC), which became operational in October 2016 and was officially launched February 2017 by Her Majesty the Queen. The organization’s stated mission? “Helping to make the UK the safest place to live and do business online.”
Quite a motto to live up to but it just may succeed. In its first few months of life, NCSC has issued guidance on everything from securing specific operating systems to good cyber security practices for local authorities during elections. It backs numerous initiatives, including the CyberFirst Girls competition, in-school cyber education programs and subsidies to undergraduates studying cyber security. NCSC also has published several investigative reports, which are worth taking a closer look at, even for those outside the UK.
Recent NCSC Publications
Their investigation into the online criminal ecosystem, ‘Cyber crime: understanding the online business model’, is a great primer on how cybercrime groups operate and a reminder that there’s big money in cybercrime. Until organizations can change the attack economics, they’ll always make attractive targets.
‘The Cyber Threat to UK Business’, a joint report by NCSC and the National Crime Agency (NCA), shows that the “cyber threat to UK business is significant and growing,” with 65% of large UK firms detecting a breach or attack in the past year. It also states that the threats are “varied and adaptable.” In particular, the reports warns that “financial trojans have become more targeted and less visible” and predicts a resurgence in banking attacks. They note that while attacks continue to get more sophisticated, the technical skill required to commit cyberattacks continues to decrease. With malware and exploit kits easily purchased on the dark web, anyone can be a cybercriminal.
The NCSC isn’t the only governmental organization working double-time on cyber security. This week, the Houses of Parliament released an in-depth look at the cyber security of the UK’s critical infrastructure. Unsurprisingly, the report states that the number of attempted cyber-attacks on critical national infrastructure is growing and points out that the expanding interconnectedness of systems increases the potential for attacks. It also looks at the difficulty of securing critical infrastructure when the majority of it is privately owned. Previously, the government relied on market forces to drive cybersecurity improvements. However, this proved insufficient and the new strategy calls for greater government intervention. The document lays out methods for improving cybersecurity based on the Government’s Cyber Essentials scheme.