As the National Cyber Security Centre (NCSC), our goal is to create a comprehensive suite of services that assist organizations in safeguarding against cyber threats. Some services we provide directly, leveraging our unique position, while others are offered through industry partners under NCSC assurance. We continuously evaluate the services we provide and aim to transition…
The annual DSIT workforce survey continues to highlight a significant cyber security skills gap within many organizations. While the government focuses on long-term strategies to close this gap, the NCSC provides a variety of digital and industry cyber services to assist organizations in safeguarding their data. In-House or Outsourced Cyber Security? Many organizations opt to…
This month marks a significant achievement in the realm of post-quantum cryptography (PQC) with the publication of three new algorithm standards (ML-KEM, ML-DSA, SLH-DSA) by NIST, the national standards organization of the United States. The NCSC has updated our PQC white paper to acknowledge this milestone. While the core technical messages of the document remain…
As online shopping becomes more prevalent, it is crucial to be aware of the rising threat of internet fraudsters looking to exploit our personal and financial information. The following guidelines will assist you in securely shopping for products and services online. Verify the Store’s Legitimacy Before making purchases from unfamiliar online retailers, take steps to…
Introduction This document is intended for organizations, regardless of size, who are contemplating the purchase of cyber insurance. The focus here is not to serve as a complete guide for cyber insurance buyers, but rather to highlight the key cybersecurity considerations associated with cyber insurance. For those looking into cyber insurance options, the following questions…
A recent report highlights the vulnerabilities of the legal sector to cyber attacks, outlining the tactics employed by cybercriminals and offering strategies for organizations to enhance their defenses. The Cyber Threat Report: UK Legal Sector has been released by the National Cyber Security Centre (NCSC), with contributions from various entities including the Law Society, Bar…
Overview of Penetration Testing Penetration testing serves as a fundamental approach to assess IT system security, though it should not be overestimated as a sole solution. This guidance aims to equip you with the knowledge necessary for the appropriate commissioning and application of penetration tests. It also assists in planning your ongoing security measures, enabling…
Today marks the eighth anniversary of the National Cyber Security Centre (NCSC), a division of GCHQ, since it first opened. As I prepare to conclude my role as interim CEO tomorrow, I find myself reflecting on our organization’s journey and what lies ahead. Over the past eight years, we have witnessed significant technological advancements, an…
For several years, we have strongly advocated for the use of multi-factor authentication (MFA). MFA, also recognized as 2-step verification (2SV) or two-factor authentication (2FA), serves as a protective measure against various common threats aimed at user accounts. This is the reason our 2018 guidance delivered a straightforward message: organizations must begin implementing 2FA for…
Addressing the Issue of Security Awareness Let’s begin with an essential truth: many long-standing security practices are ineffective. For instance, advising users to avoid clicking on dubious links often fails. Users often must engage with links from unknown domains as part of their work, and identifying phishing attempts is typically not within their job description….
