Attacks hit record high

Cyber security incidents are now outstripping anything that the UK's National Cyber Security Centre has had to deal with in the past

The UK's National Cyber Security Centre (NCSC) handled a record number of cyber security incidents over the last 12-month period accounted for. The agency dealt with 723 serious incidents between September 2019 and the end of August 2020, a 20% increase on the 602 it handled the year before. More than 200 of these incidents were related to the coronavirus, according to the NCSC's latest annual review.

The NCSC has been taking a series of decisive actions against malicious actors in the UK and abroad to combat this threat. We ask those in the security industry what preventive measures organisations can carry out, for their part, to keep them from being victims of such attacks in 2021.

"Cybercriminals keep a close eye on events that are happening around the globe," says Jelle Wieringa, technical evangelist, KnowBe4. "To them, big events that attract a lot of media attention are an opportunity around which to build their attacks. COVID-19 is, unfortunately, a perfect example of cybercriminals taking advantage of world events."

Those scams started with information about COVID-19 infection rates back in March last year and escalated to contact tracing over the summer. "With vaccines beginning to be administered to front line personnel and healthcare workers, cybercriminals are taking advantage of this by creating new phishing emails targeting users to click a malicious link or open an attachment. And with the world moving faster and faster, big things seemingly happen every day. So, there is no shortage of new events for cybercriminals to choose from.

"For organisations to be able to defend themselves, they need to know where threats are coming from and what to defend against. Gathering security intelligence, whether it is through open source, paid or otherwise collected channels, is a great way for organisations to have visibility into what is happening, which allows cybercriminals to predict and prepare." Unfortunately, not everything can be clearly foreseen. "Therefore, an organisation needs to be prepared to fend off attacks, whether they are anticipated or not," he advises.

"And with the pandemic still holding the world in its grasp, most employees will be forced to work from home for at least the foreseeable future. Even after employees are allowed to return to the office, it will be a while before everything goes back to a state of somewhat normal. This leaves employees particularly vulnerable to social engineering attacks - something cybercriminals are well aware of."

Wieringa also points to how social engineering is a form of deception that is used to manipulate individuals into divulging confidential or personal information that may be used for fraudulent and malicious purposes. "It is a popular tactic for today's cybercriminals to target humans, which is why it's so important to build up an organisation's human firewall and to help employees make smarter security decisions every day. This means organisations need to pay extra attention to the human side of cybersecurity. Training employees, promoting and rewarding secure behaviour, and cultivating a positive security culture throughout the organisation will be key to help combat social engineering attacks now and in the future."

RELENTLESS ATTACKS
Keith Driver, chief technical officer, Titania, says the figures released by the National Cyber Security Centre (NCSC) in its 2020 Annual Review demonstrate the relentless increase in cases whereby a cybersecurity attack has resulted in an incident requiring the UK national response team's attention -with, on average, almost two serious incidents occurring every day across the year.

"On a national scale, the NCSC Active Cyber Defence programme has had incredible results," he points out. "It continues to roll out effective capabilities, like the Suspicious Email Reporting Service [SERS - where you can forward your suspicious email to 'report@phishing.gov.uk for investigation], which received 2.3million emails in 2020, Protected DNS and Exercise in a Box, as well as a plethora of clear and concise advice notes."

While these initiatives operate nationally on behalf of the British public, the protection of individuals and commercial enterprises requires us all to take action, he adds. "After all, as highlighted in the report, 'Cybersecurity is a team sport' , the NCSC has consistently promoted that the most effective cyber defence starts with basic cyber hygiene. The '10 Steps to cybersecurity' and 'Cyber Essentials' initiatives have been instrumental in helping to make the UK a safer place by providing easy-to-understand and practical advice on cyber policy and specific technical protections."

When followed, the advice for endpoints, the networks they attach to and the people who use them provides a robust defence to the most common attacks, eliminating perhaps 99% of the threat, states Driver. "Basic cyber hygiene is vital to protect against the majority of attacks and it's something that Titania has discussed in depth. That's because it makes it so much harder for an attacker to gain a foothold. Everything from password strength and management, to device and network node configuration [firewalls, for example], is integral to operating a resilient and robust network, and should be considered."

However, this does not need to be a lengthy process, he adds. "Much of basic cyber hygiene assurance can be automated, meaning it doesn't require human intervention to check that device configurations are secure or that policies have not been breached. I believe that this is where the value of technical solutions shines. By providing certainty in understanding that your policies and required configurations are being adhered to, the chances of an attacker being successful are much reduced and resources can be focused elsewhere, preferably on value creation."

DEFENDING THE UK
Since its inception in 2016, the NCSC has done incredible work and continues to defend the UK in an ever-changing threat landscape, he continues. "However, organisations and individuals now need to make the organisation's job as easy as possible by taking responsibility for our networks, devices and actions. This means ensuring that we make it as hard as possible for those that would do us harm and be continually vigilant, checking that this continues to be the case."