In setting up the virtual parliament — which includes enabling remote participation in proceedings and online voting — the NCSC worked with parliamentarians to raise awareness and upgrade training in cybersecurity. Other actions included protecting the electoral process in the 2019 general election responding to incidents and triaging threats, investigating leads and providing advice when needed, protecting the Register to Vote website, and supporting the Government’s Brexit negotiations and preparations.
Suspicious Email Reporting
The NCSC has also continued its work to defend citizens, businesses and charitable institutions and to safeguard Critical National Infrastructure (the mounting cyber threat to this arena has ramped up countermeasures), defense and security assets and operations. In the public arena, this includes setting up of the Suspicious Email Reporting Service which received an average of 133,000 reports a week. Emails are analysed and if malicious content is found, a takedown notice is issued to the hosting provider requesting it removes the content. In parallel, malicious URLs are added to a block list which is provided to browser, anti-virus and firewall vendors. Work has also included tackling the growing incidence of fake celebrity-endorsed investment scams, taking down 300,000 malicious URLs created to trick people into parting with their money.
Last year, the NCSC launched Exercise in a Box, an online tool enabling businesses to test their resilience to cyber attacks, while in July 2020 a Home and Remote Working exercise was launched in response to the increased number of people working remotely. The latter focussed on how employees can safely access networks, what might be needed for secure employee collaboration, and managing a cyber incident while working remotely.
Sports Cyber Incidents
The NCSC published its first analysis of the sports industry in July, which revealed that 70% of sports institutions had suffered a cyber incident in the past year – double the average for UK businesses. Examples include an English Football League club suffering a ransomware attack which crippled its CCTV system and turnstiles, a racecourse employee losing £15,000 in a spoof eBay scam, and a Premier League club’s managing director being hacked prior a £1m transfer negotiation.
“The COVID-19 pandemic continues to affect how we live and work,” said Penny Mordaunt, the Paymaster General. “In a year of complex challenges, the NCSC has continued to react to swiftly-evolving cyber threats.
“This review shows how the NCSC has taken decisive action against malicious actors in the UK and abroad who saw our digital lifelines as vectors for espionage, fraud and ransom attacks. It is vital that cybersecurity remains a priority for government, industry and the public in building UK resilience to a spectrum of risks.”
Lindy Cameron, CEO of the NCSC, explains more in the video below.
This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.
Ron Alalouff is a journalist specializing in the fire and security markets, and is a former editor of websites and magazines in the same fields.