Hacked firms mistaking NCSC staff for pranksters

The NCSC, which opened as the defensive arm of GCHQ in 2016, s organisations following cyber security breaches and attacks to confirm details and offer advice.

A number of organisations which have suffered security incidents have mistaken these s and failed to engage with the agency, Sky News has learned.

When the agency opened, the deputy director for its incident management directorate, Peter Yapp, explained the environment around its outreach work to businesses.

“If something [regarding a cyber incident and your company] breaks in the press, I‘ll get a call from someone in government,” Mr Yapp , before adding that he would be expected to explain to government what the incident meant.

“If you haven‘t phoned me and told me about it, I will phone you,” he added.

These kinds of s are being treated with suspicion, according to individuals with knowledge of the outreach efforts, who said the intelligence agency‘s staff had been accused of being pranksters.

These mistakes were especially understandable following security incidents, Sky sources added, when criminals can often attempt to take advantage of the confusion.

Image: NCSC has launched an online validation tool which will deal with the doubts

Businesses which have been ed by the agency are encouraged to use which allows them to confirm the identity of the staff member.

A number of organisations first encountered NCSC during and just after which hit the NHS last year and led to almost 20,000 hospital appointments and operations being cancelled.

NCSC aims to offer both the public and private sector incident response advice as British businesses continue to be hit by .

Sky sources noted that the situation is improving as the agency works on building a recognisable brand as a resource for providing cyber security advice.

A spokesperson for NCSC told Sky News: “As the UK‘s authority on cyber security, we are committed to providing effective incident response to minimise harm and provide expert advice and guidance when needed.

“On occasions when NCSC technical experts organisations about cyber incidents, we provide them with the option to confirm the caller‘s identity via the NCSC website.

“Our Validation gives reassurance to our customers and ensures best practice in keeping the UK‘s digital communities the safest place to live and work online.”