British businesses and citizens reported a staggering one suspicious emails and website every five seconds according to a report released by the National Cyber Security Centre (NCSC), an agency of the Government Communications Headquarters (GCHQ).
Between January and December 2022, the NCSC’s free Suspicious Email Reporting Service (SERS) received approximately 7.1 million reports of suspicious emails and URLs.
This equates to nearly 20,000 reports per day, with a significant contribution coming from UK businesses. The NCSC acted upon these reports, resulting in the direct removal of approximately 235,000 malicious URLs from the internet, an average of less than six hours from the time of reporting.
While large corporations often have dedicated resources to tackle cyber threats, small businesses constitute 99 per cent of the UK’s business ecosystem and face unique challenges in achieving robust cyber security.
Recognising the importance of small businesses in national prosperity, the NCSC launched two accessible ACD services in 2022 to support them.
The first, Email Security Cheque, provides a quick and simple way for small businesses to assess email security aspects such as anti-spoofing and email encryption. Since its launch in April 2022, over 54,000 email domains have been scanned using this tool.
The second service, Check Your Cyber Security (CYCS), offers a scalable vulnerability check tool tailored specifically for small organisations to identify and fix critical vulnerabilities independently.
National Chair of the Federation of Small Businesses (FSB) Martin McTague commended the NCSC for making its services accessible to SMEs. McTague stated that cybercrime is viewed as the most impactful crime for small businesses in terms of both cost and disruption to their operations.
By providing accessible tools and expertise, the NCSC is enabling small businesses to enhance their protection in the digital world.
The report also revealed notable trends in cyber threats during 2022. Phishing scams remained the most prevalent form of attack hosted in the UK, although the number of global phishing campaigns hosted in the country showed a decline.
Additionally, opportunistic attacks using the HMG brand decreased by 17 per cent. However, cryptocurrency scams exploiting the crisis in Ukraine were consistently prevalent throughout the year.
The ACD programme’s Protective Domain Name Service (PDNS), which offers safeguards to prevent organisations from accessing malicious sites containing malware and phishing attacks, played a significant role in protecting UK entities.
In 2022 alone, PDNS blocked a staggering 11 billion DNS queries for 420,000 domains, providing a crucial layer of defence against cyber threats.
NCSC Director for National Resilience and Future Technology Jonathon Ellison said cyber security was not solely the responsibility of tech specialists but requires the active engagement of businesses. Ellison expressed the NCSC’s commitment to supporting small businesses in bolstering their cyber defences through accessible, free tools and the upcoming integrated MyNCSC platform.
