NCSC Annual Review & Active Cyber Defence

23rd October 2019

Stuart Reed
Nominet Cyber

Today, the NCSC released its Annual Review, an analysis of all the work it has done during the past year. Covering cyber security for individuals and families, building the cyber capability for the future, as well as ensuring we are working together with other Governments to build a more robust defense against cyber attack. The review also looks at how the digital homeland is secured, how adversaries are countered and how the biggest risks are reduced to deliver a more secure UK.

The Active Cyber Defence (ACD) is one of the defining parts of the review, with NCSC CEO, Ciaran Martin, referencing ‘pioneering Active Cyber Defence work’. A voluntary, non-regulatory, non-statutory approach delivered in partnership with central government, local government and business, ACD aims for there to be fewer cyber attacks in the world, causing less harm.

Some of the key ACD statistics referenced in the NCSC’s review include:

  • UK Share of visible global phishing attacks reduced to 2.1% (August 2019)
  • In 2016, HMRC was the 16th most phished brand globally. In September 2019, as a result of ACD services and HMRC countermeasures, their ranking had dropped to 126th in the world
  • 98% of phishing URLs discovered to be malicious were successfully taken down, which amounted to 177,335 phishing URLs. 62.4% of these were removed within 24 hours of being determined as malicious

At Nominet, we are involved in one of the ACD programs highlighted in the report – Protective DNS (PDNS). This protects public sector organizations from accessing known malicious domains or allowing malware on already compromised networks from calling home. The good news is that uptake is increasing – with over 460 public sector organizations now taking part. The service blocks around 20,000 unique domains at a rate of 6.5 million times per month.

The NCSC Annual Review underlines how much work goes on to achieve a more secure world. It informs UK citizens about the challenges, while reassuring them that the constant battle to achieve cyber resilience is well underway.