Northumberland, Cardiff and Denbighshire councils have been named as three of the organisations best defending themselves from online scams.
The National Cyber Security Centre (NCSC) has published a report into its Active Cyber Defence (ACD) programmes which aim to improve basic cyber security by disrupting commodity cyber attacks that affect UK citizens.
The ACD programmes include Web Check, DMARC, Public Sector DNS and a takedown service, and they are designed to block fake emails, remove phishing attacks and stop public sector systems veering onto malicious servers.
Entitled Active Cyber Defence - One Year On, the report found the UK share of visible global phishing attacks dropped from 5.3% in June 2016 to 3.1% in November 2017.
It highlights the fact that the takedown availability times for sites spoofing Government brands are down from 42 hours to 10 hours.
There has also been a dramatic drop of scam emails from bogus ‘@gov.uk’ accounts (total of 515,658 rejected in one year), and an average 4.5 million malicious emails per month were blocked from reaching users.
There were more than 1 million security scans and 7 million security tests carried out on public sector websites.
The report also highlighted the organisations best defending themselves from spoof attempts thanks to implementing ACD programmes.
Among these were Northumberland County Council (59,405 attempts in August), Cardiff Council (31,728 in December) and Denbighshire County Council (25,627 in May).
‘Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states,’ said Dr Ian Levy, technical director of the NCSC.
‘The ACD programme intends to increase our cyber adversaries’ risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks.
‘The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.
‘Our measures seem to already be having a great security benefit - we now need to incentivise others to do similar things to scale up the benefits to best protect the UK from commodity cyber attacks in a measurable way.’
