In his CYBERUK address to an audience of 2,500 people in Glasgow from across the tech community (including Government, academia and industry), GCHQ director Jeremy Fleming talked about the organisation’s cyber security mission in the third decade of the Internet age.
Drawing on the results of the recent UK Cyber Security Survey which found that only 15% of people said they knew how to protect themselves online, Fleming outlined how GCHQ plans to do more to take the burden of cyber security away from the individual. GCHQ will continue to work closely with device manufacturers and online platform providers to build security into their products and services at the design stage.
Fleming also shared the significant impact of the National Cyber Security Centre’s (NCSC) Active Cyber Defence Programme which uses automation to block attacks at scale in order to make the Internet safer for people to use. Last month, the UK hosted share of global phishing dropped below 2% for the first time. It’s down from 5.4% in 2016 when the programme began.
He also provided an example of the success achieved by working in partnership with others, noting the work done with HMRC. In 2016, HMRC was the 16th most phished brand globally, accounting for 1.25% of all phishing e-mails sent. Today, it’s ranked 146th and accounts for less than 0.1% of all phishing e-mails.
For the first time, Fleming talked about how the NCSC is sharing real-time cyber security information with the private sector such that the latter can act on it. He also set out how GCHQ plans to scale this capability for all business sectors in order to build a genuinely national effort to tackle malign state cyber actors, criminal malware or people on The Dark Web trading credit card details.
Banks must take action
On that note, Alex Boothroyd (senior banking fraud solutions specialist at SAS UK and Ireland) commented: “While it should be a huge help to banks that GCHQ is happy to share real-time cyber security information in the fight against credit card fraud, banks should not be reliant solely on this support. Rather, it’s the banks themselves who should be taking action. With £1.2 billion lost to bank fraud in 2018, it’s clear that financial institutions must be proactive in preventing financial crime before their customers become victims.”
Boothroyd continued: “There’s a lack of awareness among Britons around how to protect themselves online. Therefore, companies must make a greater effort to leverage technology to combat scams and provide a safety Internet for customers against the increasingly sophisticated techniques of fraudsters. A sluggishness to implement such measures could be costing banks millions. Banks must not simply deal with the repercussions of fraudulent activity. Rather, they must tackle the issue from the outset. While it’s true that part of the solution rests in educating customers around the techniques that scammers use, technology will play a more vital role in foiling fraud.”
Further, Boothroyd stated: “Artificial Intelligence (AI)-powered fraud prevention can help to alleviate the pressures on customer fraud teams at banks and increase the accuracy of detection methods. As the techniques used by fraudsters become more advanced, so too must companies’ defences if they’re to maintain the trust of their customers while also saving them money. AI provides the capabilities that businesses need to protect customers against this form of fraud. It’s therefore vital that they invest in the necessary technology if they want to stay ahead of the curve rather than relying on the protective tools of intelligence officers.”
In closing his Keynote Speech, Fleming stressed the need for continued and increasing collaboration between Government, academia and industry partners both at home and abroad to ensure a safer and more successful UK.
*CYBERUK is the UK Government’s flagship cyber security event hosted by the NCSC
**View the full text of Jeremy Fleming’s speech here