Cyber Security Advice from the NCSC’s Annual Review (2023)

    The National Cyber Security Centre (NCSC), a part of GCHQ, is the UK’s technical authority for cyber security, which provides advice and guidance to develop best practice for the country as it becomes increasingly digital.

    The recently published NCSC Annual Review 2022, the sixth report since the series launched back in 2016, examines the challenges and milestones of the past 12 months in pursuit of a mission to position the “UK as the safest place to live and work online”.

    Even with an increasingly remote workforce, and as businesses migrate more processes across different cloud platforms, cyber security consultation has only become more urgent in the prevention of, and cure for, today’s most aggressive and persistent attacks online. The NCSC report, which understands that threats are multiplying, starts with Russia’s illegal invasion of Ukraine and concludes with new strategic advice.

    What are the most pressing challenges identified by the NCSC? Better yet, what can be done to manage and remediate today’s most prevalent threats?

    The Most Reviewed Cyber Security Risks in 2022

    Here are the top three challenges outlined by the NCSC’s Annual Report in 2022 – read more to discover how your business can evolve with cyber security best practice and guidance.

    A statement from the NCSC was published earlier in the year in relation to geopolitical tensions rising across Ukraine’s borders, and the advice was clear: “complacency” is the enemy of a well-thought-out cyber security strategy.

    The statement, though largely cautious in tone, warned UK industries to remain vigilant in the “long haul”, staying watchful and observant of threats that rise and fall beyond our own geographical borders – not just those outside our IT environments. The illegal invasion created what the NCSC has identified as a “spill over” of malicious cyber activity, a kind of leakage of incidents that has been felt worldwide. Cyber attacks are folded into Russia’s wider military playbook and, whilst a major cyber event has not occurred in the UK, this has led to a heightened state of alert in cyber security.

    To overcome any potential risk from this globally disruptive event, the advice has been to review, assess and strengthen cyber security controls in the long term, sustaining a better posture and flexing it against state-sponsored attacks that might surface at any moment.

    As identified by the NCSC and reinforced by what CSI’s cyber security consultants are observing, existing threats like malware remain just as relevant in 2022 and beyond. It is an easy oversight to treat existing threats as less relevant, or even less damaging, when building a wall around an IT environment and fortifying it with technical controls. But malware innovation has ensured that, over time, this attack type has only increased in sophistication.

    Ransomware – which unpacks into threats like malware – remains one of the most significant risks to businesses in the UK. To find out more about managing the ransomware challenge, read our advice.

    Not all threats are equal in the landscape of cyber activity, and today’s most prevalent risks are likely to evolve, change, and reshape. This will challenge how we think of cyber security and what tools and knowledge we utilise to combat threats.

    The NCSC’s guidance refreshingly moves the conversation away from a look inside today’s threats, instead elaborating on where it forecasts the greatest risks to be in the near future. Even the most resourceful businesses may find it challenging when the commercial availability of disruptive cyber tools enables threats to mobilise against them more rapidly.

    There is a growing appetite for security products. Most businesses, often when they outsource their cyber security capability or seek consultation, will invest in a toolchain of security products to defend against threats. But toolchains and services – part of a wider criminal marketplace – are being developed maliciously to target organisations.

    The NCSC observes:

    “Off-the-shelf cyber surveillance products and hackers-for-hire offering bespoke services are among the capabilities likely to become more advanced and more available, and could be used ‘with greater frequency and less predictability’.”

    For organisations, malicious toolchains and services in the wrong hands have considerable power to disrupt even the most hardened forms of cyber security.

    How the Cyber Security Conversation Changed in 2022

    The language around cyber security has evolved over time. Cyber resilience, nowadays, more adequately captures all the pressures and controls that fall under the responsibility of cyber security best practice.

    “Resilience-building”, according to the NCSC, needs to continue at a much more accelerated pace to fill gaps in an organisation’s defence. This focus on resilience – now under the nation’s magnifying glass – is a step change in the security conversation, because it prioritises a much more thorough approach to the security layers that envelop a business, its employees, and its data.

    Resilience is on the nation’s agenda for security best practice. But that’s now expanding into a wider “cyber security ecosystem”. So, what is an ecosystem? This is a much broader description of a security environment that contains professionals, tools, devices, and services that are in constant engagement and interaction with one another. It is advisable for businesses to view their overall cyber security as much larger than any tool.

    Is Cyber Resilience on Your Agenda in 2023?

    CSI’s security capability is helping organisations to remain defended against the most pressing threats by becoming more resilient. Our cyber security consultants understand the challenges facing businesses – from budget constraints to malware intrusions and proper tool configuration. Unlike other MSPs, CSI views security more holistically, offering comprehensive end-to-end coverage, so that your people, technologies, and data remain protected.

    Find out more about our cyber security consultancy services, or get in touch with one of our consultants today to talk about your risk resilience.

    About the author

    Leyton Jefferies

    Head of Cyber Security Services

    Leyton is responsible for vendor management development, and the design of CSI’s security portfolio.
