The director of Cheltenham-based GCHQ has outlined how the UK’s intelligence and security organisation plans to take more of the burden of cyber security away from the individual, working closely with device manufacturers and online platform providers to build security into their products and services at the design stage.
In the speech at CyberUK 2019, to an audience of 2,500 people from across the tech community, including government, academia and industry, Director of GCHQ Jeremy Fleming, talked about its cyber security mission in the third decade of the internet age.
He highlighted results from the recent UK Cyber Security survey which found that only 15 per cent of people said they knew how to protect themselves online. He also shared the significant impact of the National Cyber Security Centre‘s (NCSC) Active Cyber Defence programme which uses automation to block attacks at scale in order to make the internet safer for people to use. Last month the UK hosted share of global phishing dropped below 2 per cent for the first time, down from 5.4 per cent in 2016 when the programme began.
He also provided an example of the success achieved by working in partnership with others, noting the work done with HMRC. In 2016, HMRC was the 16th most-phished brand globally, accounting for 1.25 per cent of all phishing emails sent. Today it is ranked 146th and accounts for less than 0.1 per cent of all phishing emails.
For the first time, he talked about how the NCSC is sharing real-time cyber security information with private sector so they can act on it. He also set out how GCHQ plans to scale this capability for all business sectors in order to build a genuinely national effort to tackle malign state cyber actors, criminal malware or people on the Dark Web trading credit card details.
The Director stressed the need for continued and increasing collaboration between government, academia, industry partners both at home and abroad to ensure a safer, more successful UK.
CYBERUK is the UK government’s flagship cyber security event, hosted by the National Cyber Security Centre (NCSC).