The National Cyber Security Centre (NCSC) released its annual review of 2020.  If you are unfamiliar with the NCSC, part of their mission is that they are “dedicated to making the United Kingdom the safest place in the world to live and work online.”   This is a lofty goal, and since the first report, issued in 2016, the NCSC remains steadfast in its vision.

This year’s report, which spans the period from September 2019 through August 2020, contains many interesting insights.  Here is a summary of some of the more salient points:

A new CEO at NCSC

An interesting development, although unrelated to cybersecurity, is the appointment of a new CEO at NCSC.  This is a positive change, as having someone new at the helm of a security organisation opens up the potential for a different perspective from their predecessors. This can be seen in the way a leader responds to the tactics of attackers.

Cyber attackers prefer to exploit areas that are either easy targets, or that they understand well through their criminal research. For example, a cyber gang could research the operational processes of security organisations, observing the organisation’s response patterns. In doing this, they are able to create workarounds to avoid detection when they conduct a real attack against a potential target. Having someone new come into an organisation provides the ability for the new CEO to take a fresh look at the current measures and add or remove any systems that are either not being used effectively or are old and outdated. A shift in those systems would disrupt all the research that the cyber criminals have been collecting, potentially pushing any attack plan back to the beginning.

COVID-19 takes center stage

Of course, similar to all other reports of 2020, Coronavirus (Read more...)