The NCSC Annual Review 2020 

By November 3, 2020 UK, UK Cyber Security

Introduction: A year unlike any other 

The National Cyber Security Centre (NCSC) has today published their Annual Review for 2020. The review provides useful infographics, timelines, event overviews and in-depth analysis of the key developments and highlights from the NCSC’s work between 1st September 2019 and 31st August 2020.  

Of course, this year was unlike any other, with the NCSC’s fourth annual review set against the backdrop of the coronavirus – a theme which dominates the first part of the document 

Overall, the review offers an interesting insight into the growing number of cyber attacks across the UK, the changing nature of these attacks and the effect that coronavirus has had on the role of the NCSC. The review also touches on 5G and the removal of Huawei equipment from mobile networks- though the NCSC remain rather tight lipped on this topic and offer very little if any new information.    

Our key takeaways from the review are as follows: 

Coronavirus –Responding to the pandemic 

The NCSC state that protecting healthcare has been their top priority during the pandemic. This led to the NCSC signing a “Direction” through the Department of Health and Social Care (DHSC), giving the NCSC consent to check the security of NHS IT systems; allowing over 160 high-risk and critical vulnerabilities to be identified. The review also reveals that in July a Russian cyber group thought to be connected to Russian intelligence, targeted organisations involved in coronavirus vaccine development. The nationwide move to remote working also posed a new challenge for the NCSC who saw a large increase in phishing emails. In total, the NCSC responded to more than 200 incidents related to Coronavirus and scanned over one million NHS IP addresses to detect security weaknesses. 

Defending democracy 

Although the NCSC has always worked to protect democracy from cyber-attacks, this year’s report highlights the ways in which this role has been challenged by the 2019 general election and introduction of a ‘virtual parliament’ as well as their continued work supporting the UK leave the European Union. The review reiterates that Russian actors sought to interfere in the 2019 General Election and also highlights a number of Distributed Denial of Service (DDoS) attacks against political party websites early in the campaign.  

Building a resilient nation 

This chapter provides an overview of the NCSC’s work with the Military and steps being taken closer to home to protect citizens from cyber-crimes. This includes the NCSC’s work with City of London Police to encourage people to forward emails they thought could be malicious- a service which has received over 2.3million reports since its launch 4 months ago.  

Defending the digital homeland 24/7 

In the last year the NCSC dealt with 723 cyber security incidents involving almost 1200 victims. These are the highest annual totals since the NCSC was formed in 2016.  

The review also reveals that the nature of cyber-attacks has changed since 2017, with an increase in phishing attacks (from 72% to 86%), and a fall in attacks involving viruses or other malware (from 33% to 16%). See page 84 for a map illustrating the broad geographic spread across the UK of all the cyber incidents between February-July.  

On 5G, the review states that going into 2021, the NCSC is actively supporting DCMS’s diversification strategy. The review also references the NCSC’s analysis into telecoms security risks and their role informing on the forthcoming Telecommunications (Security) Bill.   

 

Post written by: Elly Savill