DACB Cyber and Data Risk team provides a summary of the National Cyber Security Centre's Sixth Annual Report on Active Cyber Defence.

Since 2017 the National Cyber Security Centre ("NCSC") launched a programme known as Active Cyber Defence ("ACD"), in an effort to protect the UK business community from a substantial amount of commodity cyber-attacks.  The aim of the ACD programme is to, "Protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber-attacks the majority of the time.”

The NCSC published its sixth annual report of the ACD program on 4 July 2023 which notably found that phishing remains the most common type of cyberattack in the UK with over 77,000 incidents.  In light of this, it is interesting to note that the report identified that the UK Government-themed phishing campaigns have decreased by 17% while the NCSC Suspicious Email Reporting Service received nearly seven million reports by the end of 2022, resulting in the removal of over 40,000 scams and over 72,000 malicious URLs.  It took less than 6 hours on average for the NCSC to remove reported malicious URLs from the internet.

The report also made the following key findings:

• the number of takedowns of malicious sites has fallen in the past year which can be attributed to a reduction in extortion mail servers and cryptocurrency investment scams;
• 39% more organisations have signed up for ACD's free services, Email Security Check and Check Your Cyber Security, which empower non-technical users, and by extension, businesses with cyber security knowledge on anti-spoofing, email encryption and identifying vulnerabilities to safeguard their systems;
• the crisis in Ukraine was a consistent pretence for cryptocurrency scams throughout 2022; and,
• ACD’s Protective Domain Name Service (PDNS), which provides safeguard mechanisms to prevent organisations from gaining access to malicious sites that contain malware, phishing attacks and more, blocked 11 billion DNS queries for 420,000 domains in 2022.

This report highlights the ongoing challenges posed to cyber security, with the primary threat being phishing attacks. It re-emphasises the importance for all organisations to be equipped with specialist knowledge, systems and tools to safeguard their systems against cyber-attacks. Given that small businesses face additional hurdles including financial pressures, and managing conflicting priorities, it is promising that the NSDC have introduced programs to assist small businesses with the relevant knowledge regarding cyber risks to develop robust cyber security systems.  

The press release accompanying the publication of the report, including comments from Jonathon Ellison, NCSC Director for National Resilience and Future Technology, and Martin McTague, National Chair of the Federation of Small Businesses, can be found here.

If you have any further queries, comments or would like to discuss the developments detailed in this article, please get in contact with the writers.