Data security chiefs will be earning their money this year after the head of the National Cyber Security Centre warned companies to brace themselves for a new wave of highly sophisticated online attacks, due to the organisation’s success in blocking tens of millions of threats against UK businesses over the past year.
Following the publication of a report entitled ‘Active Cyber Defence – One Year On’, NCSC technical director Ian Levy warned: “The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.”
The report details how the GCHQ-led agency has reduced cyber crime against businesses and consumers since it introduced its four Active Cyber Defence (ACD) programmes a year ago, under the Government’s National Cyber Security Strategy.
These four programmes are aimed at improving UK security by checking public body websites’ security, blocking fake emails, thwarting phishing attacks and stopping public sector bodies’ IT systems from landing on malicious websites.
As a result, the UK’s share of visible global phishing attacks has almost halved, down from 5.3% in June 2016 to 3.1% in November 2017, according to the report. The organisation also blocked an average of 4.5 million malicious emails per month from reaching users, and carried out more than a million security scans and 7 million security tests on public sector websites.
The NCSC also took down 121,479 UK-hosted phishing sites, 18,067 of which were spoofing UK government services. It has also seen a major decline in scam emails from bogus ‘@gov.uk’ accounts, the report said, with a total of 515,658 rejected over the year.
Levy added: “The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks. The results … are positive, but there is a lot more work to be done.”
“Our measures seem to already be having a great security benefit – we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyberattacks in a measurable way.”
Last year saw the emergence of ransomware as a major cyber threat; the WannaCry attack hit businesses and institutions on a global scale, including the NHS, Telefónica and FedEx. Within weeks, the “NotPetya” attack took down WPP, TNT Express, Reckitt Benckiser, Mondelez International, Maersk and a number of Ukrainian firms. Many have since revealed the attack has cost them hundreds of millions of pounds.
The threat of huge fines under GDPR has pushed data security chiefs’ pay sky-high, with those at the top end receiving up to €1m (£850,000) a year; those working in listed small and medium European companies are not exactly on the breadline either, trousering a minimum of €200,000 (£171,000).