Coffee Break Cyber with Mark Godsland

The National Cyber Security Centre (NCSC), a part of GCHQ, is the UK’s technical authority for cyber security. Since the NCSC was created in 2016 as part of the Government’s National Cyber Security Strategy, it has worked to make the UK the safest place to live and work online.

This review of its fifth year looks at some of the key developments and highlights between 1 September 2020 and 31 August 2021. As part of a national security agency not all its work can be disclosed publicly but the review seeks to describe the year with insights and facts from colleagues inside and outside the organisation.

This year’s review has a focus on five distinct areas of cyber security with each chapter highlighting key achievements and developments.

The Threat
How the NCSC assesses, responds to, disrupts and deters cyber threats.

How the NCSC is building a cyber resilient UK.

How the NCSC is spearheading research and analysis to find new ways to secure the UK’s digital systems.

How the NCSC is strengthening and growing the UK’s cyber security ecosystem.

Global Leadership
How the NCSC is advancing UK leadership in support of a free, open, peaceful and secure cyberspace.

Guidance for retailers to prevent websites

becoming Black Friday cyber traps

The NCSC encourages small online shops to protect their customers from cyber criminals over key shopping period.

  • National Cyber Security Centre notified over 4,000 small business sites whose customers’ payment details were being stolen
  • The UK’s cyber experts reveal that hackers are exploiting a vulnerability in popular e-commerce software
  • SMEs urged to update software to avoid financial and reputational damage

Small online retailers are being encouraged to protect their customers and profits from the threat of callous shopping skimmers who could target them on Black Friday and Cyber Monday.

The activity of skimming exploits a vulnerability in software used at the checkout page on shopping sites to divert payments and steal details of unsuspecting customers. The National Cyber Security Centre – a part of GCHQ – proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities.

The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform.

Retailers are urged to ensure that Magento – and any other software they use – is up to date. The NCSC’s website has guidance on running a secure website, including moving businesses from the physical to the digital.


The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. The NCSC has monitored for these shops since April 2020 and issued warnings to site owners and SMEs about their software being up-to-date.


Active Cyber Defence – Early Warning 
available to everyone

Eligibility for Early Warning

Early Warning is open to all UK organisations who hold a static IP address or domain name.


About Early Warning

Early Warning is a free NCSC service designed to inform your organisation of potential cyber-attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.

Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal.

Organisations will receive the following high-level types of alerts:

  • Incident Notifications – This is activity that suggests an active compromise of your system.
    For example: A host on your network has most likely been infected with a strain of malware.
  • Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
    For example: A client on your network has been detected scanning the internet.
  • Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.
    For example: You have a vulnerable application, or you have an exposed Elasticsearch service.

Early Warning does not conduct any active scanning of your networks itself, however some of the feeds may use scan derived data, for example from commercial feeds.


How to register for Early Warning

  1. Signup to Early Warning
  2. You will need the following details to sign up:
  • Your NCSC Single Sign On details (if you don’t yet have an account, follow the link on the Early Warning signup page to create an account)
  • Your organisation’s name
  • Your organisation’s public IP addresses and domain names
  • The details of the contacts you wish alerts to go to (at least name and email address).


Threat Reports

The NCSC has released several threat reports over the past month. The reports can be accessed here.

If you would like to receive future threat reports direct into your inbox you can subscribe here.


Save the date

CYBERUK 2022 takes place at the ICC Wales, Newport on 10-11 May 2022.


Registration for this event will open early 2022.


The National Cyber Security Centre is proud to present CYBERUK 2022, the UK Government’s flagship cyber security event, in ICC Wales, Newport on 10-11 May 2022.

The NCSC will present a programme of compelling, interactive and inspiring sessions from Wales’s largest exhibition venue, the International Convention Centre (ICC), Newport.


In 2021, the event took on an exciting a new format as CYBERUK ONLINE was delivered via a dedicated You Tube channel. For 2022, we’re excited to be returning to an in-person event with the addition of a selection of open access content being streamed through the dedicated CYBERUK YouTube channel.



free personalised list of actions that will help you improve your cyber security.


This tool is designed at individuals, families and SMEs but is also useful for medium and large businesses to educate their employees or customers.


You can find out more information by clicking on, Cyber Aware



The NCSC has recently undertaken a Threat Assessment of the Manufacturing Sector.

If you would like to view a copy of the Threat Assessment, please register for CiSP access. 


More information on how to register can be found here


Have you spotted a suspicious email or text?

If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Forwarded suspicious texts to7726.
This free-of-charge short code enables your provider to investigate the origin of the text and take action, if found to be malicious.

argon Buster

Credentials – A user’s authentication information used to verify identity – typically one, or more, of password, token, certificate.


Whitelisting – Authorising approved applications for use within organisations in order to protect systems from potentially

Have you received a phishing email recently? You can now report it to


For further information see:


Report a suspicious website – NCSC.GOV.UK


Create your own Cyber Action Plan to improve your cyber security here:


**Guide to the reporting of Fraud and Cyber Crime to Action Fraud**

Skip to content