On 16 October, NCSC-UK (part of GCHQ) released their second annual review for 2018. The report is really well-written and provides insights on how large scale impact can be achieved. This is a really good example of planning and implementing a well structured and funded cyber security program and National Cyber Security Strategy.
What caught my attention is the Active Cyber Defence (ACD) services and their impact:
1. Web check – vulnerability scanning of websites
2. Protective DNS – DNS sinkholing and passive DNS usage
3. Takedown – service to take down phishing and malware sites
4. Mail check – using DMARC to prevent and detect fake emails
The impact of the ACD services can be seen below.
Other NCSC and governmental organisations can definitely learn from UK’s NCSC approach and methodologies used.
Read the full report here: https://lnkd.in/eFBDaMm
The podcast released is also great: six members of the NCSC team talk through the methodology behind the tactics they have deployed in more than 1,000 incidents since launching two years ago.
Podcast link: https://lnkd.in/eYGWg6b