Highlights from the NCSC annual review

Posted Nov 6, 2020 by Tim Sandle
The level of cybersecurity threats continues to rise, as the U.K NCSC report highlights. These threats come in different forms, and one of the highlighted defences is adopting Protective Domain Name Services.
Pascal Pochard-Casabianca, AFP/File
Following the publication of the U.K. National Cyber Security Centre (NCSC) Annual Review 2020, a number of issues have been raised relating to cybersecurity threats. One of the concerns is in relation to Protective Domain Name Services (PDNS).
The report considers PDNS activities undertaken to bolster cyber defence, especially in the face of the coronavirus pandemic. In particular, PDNS was rolled out to 235 front-line health bodies across the U.K., including National Health Service (NHS) trusts.
In terms of protective measures, since March 2020, the NCSC has shared more than 200,000 Incidents of Compromise (IoC) with PDNS and other domestic and international partners. Fortunately, many NHS and critical sector organisations were onboarded in March, pre-pandemic peak. 290 more organisations are now using PDNS, compared to the level in 2019.
Looking at the report for Digital Journal is David Carroll, Managing Director at Nominet Cyber (Nominet works on PDNS with the NCSC).
Carroll begins my assessing the report: “The NCSC’s Annual Review shows the tremendous work being done to counter cyber attacks against the UK and Nominet is proud of its involvement, delivering PDNS. In particular, the report shows a real rallying of the troops as the pandemic began to hit and a concerted effort not to let our defence fall as a nation."
However, the level of cybersecurity threat is considerable. As an example, Carroll notes: "Malware comes in many shapes and sizes and the findings that ransomware has seen such an increase, is indicative of this worsening threat. We must use all the resources we have available. Technology which stretches across the breadth of the public sector but has depth in its execution."
In terms of how to address this, Carroll recommends improving public knowledge, stating: "We need to encourage diversity and stimulate interest in cyber security among those at the very start of their education, to ensure we have adequate expertise. Partnerships will also be essential to tapping into unrivalled knowledge and experience."