Monday, 2 October 2023

What can we learn from the NCSC’s sixth Active Cyber Defence report?

The NCSC has published its latest Active Cyber Defence report, outlining the most significant cyber threats faced by British businesses. What can we learn?

In July, the UK’s national cyber security centre published the sixth edition of its Active Cyber Defence report, outlining some of the most significant cyber threats faced – and reported by – British businesses. What can we learn from its revelations?


October is National Cybersecurity Awareness Month. So over the next few weeks we will be publishing content on our blog all related to the topic of cybersecurity.


In this blog we look at the Active Cyber Defence report, published annually by the UK’s national cyber security centre (NCSC). The report is intended as a summary of the work the NCSC completes under its active cyber defence programme.

This programme includes the operation of the NCSC’s suspicious email reporting service, its early warning service to which British businesses can sign up for free to hear about the latest threats and vulnerabilities, and other proactive services designed for small businesses, such as Check Your Cyber Security.


What can we learn from the NCSC’s sixth Active Cyber Defence report?

The 2023 Active Cyber Defence report has revealed that in 2022 British businesses and citizens reported a suspicious email or website every five seconds.

This amounts to a staggering 7.1 million suspicious emails or URLs being flagged to the NCSC team over the course of the year – the equivalent of 20,000 reports per day.

The NCSC’s Director for National Resilience and Future Technology, Jonathan Ellison, likened the threat environment to mythological beast, saying the cyber threat environment “resembles the Hydra – cut down one attack, another springs up in its place.”

Of these reported attacks, phishing scams remain the most prevalent attack hosted in the UK. Although the NCSC reports that the proportion of global phishing campaigns being hosted in the UK has declined.

Opportunistic attacks which purport to come from UK Government sources remain high, although they have dropped from their peak in early 2021 by 17 percent. In 2022, the highest number of UK Government branded attacks came, respectively, from the National Health Service (NHS), TV Licensing, HM Revenue & Customs,, the DVLA, and Ofgem. 

The latter source made the list because, in September and October 2022, there was an influx of phishing attempts targeting the UK government’s Energy Bills Support Scheme. This indicates the hackers’ willingness to exploit current events to theme and target their attacks – something of which we all need to continue to be wary.


What is the NCSC’s response to the highlighted threats?

The 2023 report makes it clear that the NCSC continues to take these types of attack very seriously. 

The average time it took for a malicious URL from the Internet once it had been reported to them as suspicious was a little under six hours.

In total, the NCSC has taken down nearly a quarter of a million malicious website links directly from the Internet since April 2020. Many of these 235,000 malicious URLs were reported by British businesses to the NCSC’s suspicious email reporting service.

The report also highlights a growing appetite for cyber security services by British businesses. In 2022, the number of small businesses signing up to the NCSC’s free services increased by 39 percent.

The NCSC’s Jonathan Ellison called on more British businesses to make use of the NCSC’s free resources. He stated, “Small businesses have a key role to place in making it safer to work and live online, which is why we are making it even easier for them to shore up their defences with accessible, free tools and soon, to manage these effortlessly via our integrated MyNCSC platform.”

Other threats highlighted in the report include celebrity scams and bogus impersonation emails, web shells, brute force attacks and Ukraine war cryptocurrency donation scam emails.

It concluded that, “Most of our ACD initiatives address enduring cyber security challenges: sharing knowledge of threats, closing down vulnerabilities, responding to breaches. The specifics change over time, of course, but the overall need to tackle them through automation will persist, because as things stand that’s the only realistic way of generating the scale and reach required.”


What next?

If you would like advice about how to protect your small business from cyber threats, our team can assist with tailored advice and recommendations. Get in touch to find out more.

Call us: 0808 164 4142

Message us: 

Further reading

You can discover additional advice and insights about a variety of cyber security topics on our blog:

•    What does the war in Ukraine mean for your cyber security?

•    The year in review: 2022’s biggest tech stories

•    Is your business data at risk? Don’t take chances with old tech

•    What are the risks of ChatGPT and large language models (LLMs)? And what should you do about them?

•    Do your backups include this important information?

•    Cyber Crime on the Rise: how can you protect your organisation from it?

•    What is a watering hole attack? And how can you protect against it?