The fourth Annual Review of the National Cyber Security Centre (NCSC), released at the end of last year, sheds fascinating light on the threats we faced online in 2020 against the backdrop of a global crisis.
Perhaps unsurprisingly, the coronavirus pandemic takes a dominant role in report, which outlines what the NCSC has helped to deliver between September 2019 and August 2020. However, a collection of other areas make for very interesting reading, and also highlight a variety of comms challenges organisations both inside and outside the cyber security arena may face.
The NCSC took on more cyber threats than ever before according to the review, (723 incidents, of which 200 alone related to coronavirus) demonstrating how the fight against malicious actors both within Britain and abroad looks set to continue in 2021.
While defending democracy has always been a key priority, the unique cyber challenges produced by a general election and the introduction of a “virtual Parliament” meant security was of vital importance to the country. Having worked hard to safeguard the election and protect the Register to Vote site, the NCSC also provided advice for members of Parliament and their staff on DDoS attacks, phishing attempts, and remote working. It’ll be interesting to see how the media cover and the government reacts to any data breaches caused by human error here in 2021. As we know all too well, honest mistakes can lead to mass disruption, so communication will play a vital role in assuring citizens that their private information, or that of the government’s inner most workings, is not in jeopardy this year.
Elsewhere, the review also covers the UK and Singapore entering into an Internet of Things (IoT) security pledge, in the hope of driving improvements in the creation of smart consumer products in both countries. An agreement of this nature sends a clear signal to manufacturers: Security must now be built into a product before it’s taken home by a consumer. Too long has the burden of expectation been put on the general public to bolt on measures to make items safe to use following a purchase. I’ll be tuning in closely to see how this rhetoric evolves in the year ahead, and how much of a focus brands place on this as part of their marketing efforts to customers.
And finally, the NCSC also published its first analysis of the sports industry, revealing 70% of sports institutions had suffered a cyber incident in the past year – double the average for UK businesses. This was far higher than I’d anticipated, especially since such organisations have taken such a hard hit during the pandemic. Perhaps cybercriminals saw 2020 as their opportunity to strike, hoping companies in the space would score an own goal? The measures to prevent criminals cashing in will certainly have been warmly welcomed though I’m sure.
Really encouragingly, this year’s report shows a solid commitment to helping the industry evolve and diversify further. The introduction of a record number of young people to cyber through a variety of skills programmes was great to read about. Given the need to diversify the UK’s future cyber security workforce to more accurately represent the general public, the 60% rise in young women applying for remotely taught summer courses for one of the programmes is really promising.
With King Edward’s School crowned winners of the NCSC’s CyberFirst Girls Competition, and the NCSC also partnering with Girlguiding South West England to drive more female representation in the community, here’s hoping to future partnerships with impactful communications which help a more balanced workforce take to the field in years to come.
Interest in the NCSC’s ‘Exercise in a Box’ tools was great to read up on too.
These exercises support both businesses and individuals in testing their own cyber defences against real-world scenarios. Having seen the change in working cultures due to the events of 2020, the NCSC developed a specific exercise on remote working, helping companies gain insights on where and how current practices may unwittingly be presenting alternative risks – for both employees and customers.
It’s one thing to ask people to read advice on an issue, and another to take steps to show them how that issue plays out in reality. There is no more powerful communication tool than having someone experience first-hand what you’re trying to tell them.
What is certain, is that increasing our understanding of cyber security threats and continuing to evolve approaches to addressing them will remain of upmost importance.
Input from global partners to help Britain detect, disrupt and communicate effectively on shared threats will be vital as well. Only via collaboration on cyber incident management and response, will we be able to effectively defend democracy, counter high levels of malicious state and criminal activity, and protect businesses and consumers against those who act against us.
No doubt the NCSC has another tough year on its hands. But through the use of clear and focused narratives, I believe it can continue to help make the UK a safer place to live and work online.
Written by Jenny Jones, Senior Account Director, Business & Technology