Ben Birchall/AFP/Getty Images
show image

The UK faces at least 300 cyber attacks a year from hostile states

The National Cyber Security Centre has defended British organisations against more than 300 state-backed cyber attacks over the last 12 months.

The agency outlined the scale of the UK cyber threat in its latest annual review, which reveals that it handled 658 major cyber incidents in the last year, more than half of which were carried out by nation states.

Most state-sponsored attacks on Western nations are conducted by just four countries: North Korea, Russia, Iran and China, all of which have developed sophisticated cyber weapons in recent years.

North Korean attacks are often financially motivated, while China specialises in corporate espionage and the theft of intellectual property. Russian and Iranian attacks, meanwhile, typically target critical national infrastructure.

NCSC’s annual review reveals for the first time the sectors of the economy it spends the most time defending. At the top of the list is government, followed by academia, IT, managed service providers and transport and health.

Government agencies are an obvious target for attackers, but hostile nations and cyber criminals are also targeting university research, as well as the IT and managed service providers which maintain corporate networks.

The review also details the work NCSC has undertaken to remove fraudulent websites. The initiative is called the “Active Cyber Defence” programme and has so far removed 177,335 phishing web addresses. NCSC claims to have taken down two-thirds of the sites in under sixty minutes.

A separate initiative, called Operation Haulster, has sought to protect individuals from credit card fraud. To date, the initiative has flagged up efforts to defraud more than one million stolen credit cards.

But speaking at the launch of the review in London on Wednesday, Ciaran Martin – the head of NCSC – said that “too many basic attacks” are still successful.

“There are too many incidents causing too much harm,” Martin warned. “We do need to get those basics rights but also need to look at what challenges are ahead. There are some real opportunities here to get ahead of the problem. We need to focus as a national organisation most on what matters to the UK.”

One of NCSC’s key areas of work is protecting democratic systems. The agency’s officials meet with politicians from across the political spectrum every three months. Martin said: “As talk of an election grows ever louder, we are ready in this building to work with the political parties, local government, the media and wider society to protect that most valuable of national commodities, our free and fair democratic system.”

As his speech drew to a close, Martin predicted that the rise of subscription services could usher in an era of better security. “We’re moving away from an internet economy where people give away large amounts of personal data for free […] which isn’t very good for security, to a model where more and more people are paying for products and services. This gives us an opportunity to introduce objective standards that consumers and businesses can judge when buying those products and services.”