A “Whole-of-Society" Approach To Cyber Crime

Uploaded on 2023-07-14 in NEWS-Cybersecurity News, FREE TO VIEW

The sixth annual Report from Active Cyber Defence (ACD) highlights success of a “whole-of-society" approach in preventing millions of cyber attacks from reaching UK organisations and citizens each year.

UK Business and citizens reported a suspicious email or website every five seconds in 2022, a new report from GCHQ’s National Cyber Security Centre (NCSC) has said on Thursday 6th July - that's 7.1 million suspicious emails and URLs which were flagged by UK organisations and citizens via the NCSC’s reporting service between January 2022 and December 2022, which is the equivalent of nearly 20,000 reports a day.

The reports, many of which came from UK businesses, contributed to the direct removal of nearly a quarter of a million (235,000) malicious URLs from the internet by the NCSC since SERS, the first service of its kind globally, launched in April 2020. It took less than 6 hours on average for the NCSC to remove reported malicious URLs from the internet.

The finding is one of many insights from the NCSC which takes a “whole-of-society" approach to cyber crime and prevents millions of high-volume cyber attacks from ever reaching UK organisations and citizens each year.

Jonathon Ellison, NCSC Director for National Resilience and Future Technology, said “In a cyber threat environment that resembles the Hydra – cut down one attack, another springs up in its place – ACD is once again doing unparalleled work to keep the country safe. As this latest report shows, cyber security is not the sole preserve of tech specialists: businesses are increasingly alive to and eager to engage with the cyber risks they face, signing up in swathes to make the most of NCSC data and expertise."

Businesses’ growing appetite for cyber security in 2022 led to 39% more organisations signing up for ACD’s free services which are designed to empower users without specialist knowledge or a dedicated security function at work to boost their cyber resilience.

Small businesses constitute 99% of the UK’s business ecosystem and are hence indispensable to national prosperity. They also, however, face a unique set of behavioural barriers, financial pressures and competing priorities to achieving robust cyber security, often not having the expertise or allocated resource to give cyber due attention. Martin McTague, National Chair of the Federation of Small Businesses (FSB), commented “While security is important, we’ve long championed building cyber resilience among small firms, given the persistent risk of cybercrime...  A fifth of small businesses see cybercrime as the most impactful crime in terms of both cost and disruption to their operations.

Given their unique vulnerability, the NCSC launched two accessible ACD services last year to help a higher number of small businesses to better protect themselves.

The Email Security Check service provides a quick and simple way of understanding aspects of email security like anti-spoofing and email encryption. Since launching in April 2022, it has scanned over 54,000 email domains. The Check Your Cyber Security (CYCS) guide is a scalable vulnerability check tool designed specifically for small organisations to fix their critical vulnerabilities without requiring ongoing support from the NCSC.

Other key highlights from 2022, the sixth year of ACD’s operations, include:  

 

  • Opportunistic attacks on the HMG brand decreased by 17% while the crisis in Ukraine was a consistent pretence for cryptocurrency scams throughout 2022.
  • ACD’s Protective Domain Name Service (PDNS), which provides safeguards to prevent organisations from accessing malicious sites containing malware, phishing attacks and more, blocked 11 billion DNS queries for 420,000 domains in 2022.

Businesses can access the ACD Report along with a range if guidance on practical cyber secuity measures via the NCSC website.

You Might Also Read:

Phishing – It’s Not About Malware (Or Even Email):

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Zero Trust: A Paradigm Shift in Cybersecurity
Twitter Threatens To Sue Meta Over Threads App »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

International Association of Professional Security Consultants (IAPSC)

International Association of Professional Security Consultants (IAPSC)

Members of the IAPSC represent a unique group of respected, ethical and competent security consultants.

IABG

IABG

IABG offer independent, product-neutral consulting as well as technical and scientific services for the use of safety-relevant systems and technologies.

Entersekt

Entersekt

Entersekt is an innovator in push-based authentication and app security.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Maximus Consulting (MX)

Maximus Consulting (MX)

Maximus designs and delivers corporate-wide information security management system with our full-time IRCA Accredited consulting team.

National Cybersecurity Preparedness Consortium (NCPC) - USA

National Cybersecurity Preparedness Consortium (NCPC) - USA

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

Interlynk

Interlynk

Interlynk's #SBOM and # VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.