IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCSC founder details 'biggest regret' in underestimating organised cyber crime

In a rare public address, Martin also detailed his proudest achievement and how the idea for the NCSC came to be

Ciaran Martin, the founder of the National Security Cyber Centre (NCSC), has revealed that he regretted underestimating the strength of systematic organised crime when setting up the centre.

One thing Martin wished he had done differently when setting up the NCSC was to appreciate the criminal threat more quickly, he said during a keynote address at (ISC)2 Security Congress held earlier this month.

Related Resource

Cost of a data breach report 2022

Discover the factors to help mitigate breach costs

Whitepaper cover with title and square image of line graph beginning to break and lift upFree Download

Since the NCSC was descended from and parented by national security organisation GCHQ, Martin recalled that it was incentivised to focus on the big state threats.

“But then you look at all the harm done and we underestimated the potency of systematic organised crime often hosted in hostile jurisdictions like Russia, but not directly controlled by them,” said Martin.

The NCSC was founded in 2016 and acts as the country's leading hub of experts that are called on when needed to assist in the handling and remediation of cyber attacks against UK entities. 

Martin said the idea to create the NCSC was borne out of a conversation he had in 2015 with then-Prime Minister David Cameron who expressed concern for rising cases of cyber attacks. By the time Martin left the authority, the International Telecommunications Union (ITU) raised the UK's global cyber security preparedness ranking from eight to first - a position that has now been regained by the US.

The founder also revealed his proudest achievement: launching a programme called active cyber defence, which aimed to tackle high-value commodity attacks that affects people’s everyday lives by providing free security services for organisations. However, he shared that he regrets naming the programme “active cyber defence” as it sounds, particularly to the US government, essentially like cyber war. 

Martin recalled details of the programme and how it called for a partnership with the industry which aimed to automate the removal of websites with malicious code by using the NCSC’s data to help people take down the sites if they wanted to. The average time for a malicious website hosted in the UK went from 27 hours to 45 minutes.

The NCSC founder also highlighted that organisations should marry the increasingly powerful technical capabilities to detect malicious behaviour on networks with people’s ability to stop that from happening. 

Martin recalled that during his time at the NCSC, he dealt with around 2,000 incidents, and in many of them the post-event forensics were of very high quality. This meant you could glean a large amount of information about what happened, as well as the specific time at which attacks occurred, but there was no communication of this at the time the attacks took place, which Martin agreed is quite hard to do.

He underlined that the ability to detect malicious behaviour retrospectively should essentially be brought further forward and secure it as far up the chain of production as possible.

“Because the further it gets to the poor little user at the end, trying to work out whether or not they should open this link, the more vulnerable it is,” he said.

Separately, the NCSC warned businesses in October to not become seduced by over-using phishing tests in their organisations. It claimed most implementations rarely offered an objective measure of an organisation’s defences and can end up wasting time and effort.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download


What is cyber warfare?

What is cyber warfare?

20 May 2022

Most Popular

The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022