NCSC: UK hit by 590 "significant" cyber attacks last year

Virtual security/privacy shield

The National Cyber Security Centre (NCSC) responded to 590 "significant attacks", with a total 1,313 cyber incidents reported to theorganisationin its first year.

Of the total security incidents reported to the NCSC, its review said 30 were seen as requiring a "cross-government response process" that includes the massive WannaCry attack that knocked swathes of the NHS offline.

The report revealed a little about how the NCSC's processes work. For the 25 June attack on parliament's emails, the NCSC worked with the parliamentary Digital Service to "investigate, advise and mitigate" the attack, offering support and victim care after thefact, as well as advice on how to use better passwords.

For WannaCry, the NCSC "reacted quickly to offer victim support and advice on the day of the attack", the report claimed, as well as "updating our ransomware guidance". The NCSC also sent experts to Barts Hospital Trust "to provide bespoke advice" suggesting theorganisationdidn't send out any staff to other hospitals. "We continue today to work and support government departments in identifying vulnerabilities and mapping out what data matters and should be backed up," the report added.

The NCSC also worked with local law enforcement to "share accurate and consistent advice with hard to reach groups", with its advice reaching thousands of businesses, helping to stop the spread of the ransomware, the review noted.

The NCSC also crowed about its more proactive work, saying the lifespan of phishing sites fell from 27 hours to less than an hour. Plus, it revealed the launch of four programmes to boost security across the public sector, including blocking 120,000 fake emails via authentication protocol DMARC, blocking malicious redirects for logged in users, offering the Web Check vulnerability scanning service to all government websites, and working with Netcraft on malware and phishing countermeasures.

The NCSC also said it was boosting protections for the Armed Forces. Though the NCSC said much of it "can't be discussed in detail", that work includes encrypting communications and improving their resilience. It's work with the Ministry of Defence also saw it "delivering the next generation of cryptographic products", and helped the Cabinet Office's rollout of Foxhound, a new cross-government IT network for secret-level classified documents.

Alongside its direct security work, the NCSC also ran a series of training activities for supporting and finding young tech talent.

Ciaran Martin, CEO of the NCSC, said in a statement that theorganisationwas "incredibly proud" of what it's achieved in the first year of operations. "But the threat remains very real and growing - further attacks will happen and there is much more for us to do to make the UK the safest place in the world to live and do business online," he said.