The new National Cyber Security Centre (NCSC) has opened for business. Created to effectively become the backbone of the government’s new national cybersecurity plan, which was unveiled last November by the then Chancellor, George Osborne, the NCSC will work closely with GCHQ to tackle cyber threats affecting UK industry.

It was interesting to see that in his first public outing at a recent summit in Washington DC, Ciaran Martin, the chief executive, spoke about the need to move towards a more active cyber defence. Apparently the NCSC will be adopting a more active posture in defending the UK from cyber threats and is also championing the need for government, industry and law enforcers to work more closely together.

This is something that we’ve been talking about for the past few years, particularly when it comes to the need for organisations to be more proactive. We continue to see organisations, often large, high profile businesses, react (badly) when data breaches happen, and fail to have the right processes and procedures in place to effectively mitigate risks.

It’s surprising how many businesses still do not have the basics in place when it comes to information security, such as effective patch management or incident response processes.

The NCSC’s Ciaran Martin talks about the need to address large-scale unsophisticated attacks – “...far too many of these basic attacks are getting through. And they are doing far too much damage. They're damaging our major institutions.”

He’s right – last year’s Global Threat Intelligence Report revealed that a staggering 76% of the vulnerabilities identified had been known for two or more years. Perhaps more surprising was that 10% were over 10 years old.

It’s interesting to see that as part of its plans for a more active cyber defence, the NCSC will look into large-scale DNS filtering to automate blocking malware.

The NCSC will also prioritise the protection of our national infrastructure against cyber threats. Apparently more than 200 national security-level cyber incidents are logged every month and, while we haven’t yet seen a major national level attack of any scale, it’s only a matter of time, according to Martin.

The days of sitting tight and doing nothing are long gone. The risk of a cyber attack is not going away and critical systems are not becoming less vulnerable to attack. The role of the NCSC will be a hugely valuable one for UK businesses, but only if it does what it sets out to do in order to reduce the risk of cyber attacks.

All eyes are on the NCSC now it is open for business.