National Cyber Security Centre
Support from British businesses crucial in removing over 235,000 scams, new figures reveal
The sixth annual report from Active Cyber Defence (ACD) highlights success of a “whole-of-society" approach in preventing millions of cyber attacks from reaching UK organisations and citizens each year.
- New report reveals record-breaking 7.1m suspicious emails and websites reported to authorities in 2022 – equivalent to one every five seconds
- As a result, nearly a quarter of a million malicious website links directly removed from the internet since April 2020
- Businesses’ sign-ups to NCSC services up 39% in 2022 with launch of SME-specific tool empowering non-technical users to boost resilience
BRITISH BUSINESSES and citizens reported a suspicious email or website every five seconds in 2022, a new report from GCHQ’s National Cyber Security Centre (NCSC) has revealed (Thursday).
7.1 million suspicious emails and URLs were flagged by UK organisations and citizens via the NCSC’s free Suspicious Email Reporting Service (SERS) between January 2022 and December 2022 – the equivalent of nearly 20,000 reports a day.
The reports, many of which came from UK businesses, contributed to the direct removal of nearly a quarter of a million (235,000) malicious URLs from the internet by the NCSC since SERS – the first service of its kind globally – launched in April 2020.
It took less than 6 hours on average for the NCSC to remove reported malicious URLs from the internet.
The finding is one of many insights in the sixth annual report from Active Cyber Defence (ACD), a cornerstone programme from the NCSC which takes a “whole-of-society" approach to cyber crime and prevents millions of high-volume cyber attacks from ever reaching UK organisations and citizens each year.
Jonathon Ellison, NCSC Director for National Resilience and Future Technology, said:
“In a cyber threat environment that resembles the Hydra – cut down one attack, another springs up in its place – ACD is once again doing unparalleled work to keep the country safe.
“As this latest report shows, cyber security is not the sole preserve of tech specialists: businesses are increasingly alive to and eager to engage with the cyber risks they face, signing up in swathes to make the most of NCSC data and expertise.
“Small businesses have a key role to play in making it safer to work and live online, which is why we’re making it even easier for them to shore up their defences with accessible, free tools and soon, to manage these effortlessly via our integrated MyNCSC platform.”
Businesses’ growing appetite for cyber security in 2022 led to 39% more organisations signing up for ACD’s free services which are designed to empower users without specialist knowledge or a dedicated security function at work to boost their cyber resilience.
Small businesses constitute 99% of the UK’s business ecosystem and are hence indispensable to national prosperity. They also, however, face a unique set of behavioural barriers, financial pressures and competing priorities to achieving robust cyber security, often not having the expertise or allocated resource to give cyber due attention.
Martin McTague, National Chair of the Federation of Small Businesses (FSB), said:
“While security is important, we’ve long championed building cyber resilience among small firms, given the persistent risk of cybercrime.
“A fifth of small businesses see cybercrime as the most impactful crime in terms of both cost and disruption to their operations.
“NCSC is doing the right thing by making its services accessible to SMEs so that they can better protect themselves in the digital world.”
Given their unique vulnerability, in 2022 NCSC launched two accessible ACD services to help a higher proportion of small businesses to better protect themselves: Email Security Check and Check Your Cyber Security.
Email Security Check provides a quick and simple way of understanding aspects of email security like anti-spoofing and email encryption. Since launching in April 2022, it has scanned over 54,000 email domains.
Check Your Cyber Security (CYCS) is a scalable vulnerability check tool designed specifically for small organisations to fix their critical vulnerabilities without requiring ongoing support from the NCSC.
Other key highlights from 2022, the sixth year of ACD’s operations, include:
- Phishing scams remain the most prevalent attack hosted in the UK, though the amount of global phishing campaigns hosted in the UK has declined.
- Opportunistic attacks on the HMG brand decreased by 17% while the crisis in Ukraine was a consistent pretence for cryptocurrency scams throughout 2022.
- ACD’s Protective Domain Name Service (PDNS), which provides safeguards to prevent organisations from accessing malicious sites containing malware, phishing attacks and more, blocked 11 billion DNS queries for 420,000 domains in 2022.
Latest News from
National Cyber Security Centre
UK exposes attempted Russian cyber interference in politics and democratic processes08/12/2023 10:29:00
The UK condemns Russia’s sustained attempts at political interference in the UK and globally.
UK and allies expose Russian intelligence services for cyber campaign of attempted political interference07/12/2023 14:25:00
The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes
NCSC launches Cyber Incident Exercising scheme06/12/2023 15:25:00
New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.
UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains23/11/2023 16:05:00
Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.
NCSC warns of enduring and significant threat to UK's critical infrastructure16/11/2023 10:05:00
The NCSC's seventh Annual Review raises awareness of the increasingly unpredictable threat landscape.
UK and Singapore secure agreement against ransomware payments03/11/2023 10:22:00
Members of the CRI have signed a joint statement pledging that central government funds should not be used to pay ransoms to cyber criminals.
UK and allies support Ukraine calling out Russia's GRU for new malware campaign31/08/2023 16:15:00
Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.
Categorising UK cyber incidents23/08/2023 16:20:00
Explaining the NCSC and UK law enforcement categorisation model for cyber incidents.