NCC Group welcomes UK NCSC’s Annual Review 2022

The UK’s National Cyber Security Centre (NCSC) has released its annual review for 2022, summarising the organisation’s achievements over the last year, as well as looking ahead to future priorities and challenges to ensuring the UK is the safest place to live and work online.

This year’s review is the sixth iteration of the report and identifies the five key threats, risks and vulnerabilities currently facing the UK:

• Ransomware remains an ever-present threat and major challenge to private and public organisations, with 18 major incidents requiring a nationally coordinated response in 2022.
• Commodity attacks, such as phishing and hacking of social media accounts, are identified as the most significant threat facing citizens and small businesses, following 2.7 million cyber-related frauds in the UK over the 12 months to March 2022.
• The proliferationand commercial availability of high-end disruptive and offensive cyber capabilities and tools used by state and non-state actors is likely to continue increasing, posing a growing threat to the UK.
• Threats to the global supply chain have continued over the past year, with attackers accessing target victim organisations’ networks or systems via third-party vendors or suppliers.
• The disclosure of the Log4j vulnerability highlighted the challenges associated with weaknesses in IT systems that can be exploited to deliver successful attacks.

Findings and highlights from this latest review demonstrate how NCSC is driving a “whole of society” approach to cyber resilience – a core tenet of the UK Government’s National Cyber Strategy 2022. NCSC has particularly emphasised the role the cyber security industry play in keeping organisations and individuals safe and secure.

‘Secure by design’ - building services and devices that are secure at the source – is also a key theme in NCSC’s latest review, in a bid to shift the security burden away from end-users. This comes as the UK Government recently signalledits intention to place additional responsibilities on providers of online services and accounts to protect citizens against unsophisticated cybercrimes.

Ollie Whitehouse, global CTO at NCC Group, said: “The NCSC plays a critical role in the UK’s cyber resilience ecosystem, empowering organisations to manage their own risk through principles-based advice and guidance, building the UK’s cyber capabilities and skills, and driving forward the nation’s ambition to be a global cyber power. Rightfully, it continues to be recognised for its ground-breaking approach to creating and driving a shared public-private mission to make the UK safer and more secure, as demonstrated by initiatives like Industry100.

“At a time of serious global economic and security risk, we are pleased to see the importance of these private and public sector partnerships reflected in NCSC’s latest review.

“There is much that can be achieved when the best of the public and private sectors come together, and we look forward to continuing to work with the NCSC as it delivers true cyber resilience at scale.”