Want an Early Warning? Don’t mind if I do

Is your organisation based in the UK, but not signed up to the National Cyber Security Centre’s (NCSC) Early Warning system yet–and if not, why not?

The Early Warning system is designed to identify cyber attacks on UK businesses before they are executed, and then to let that business know. This early warning means that the targeted organisation can work to prevent the attack happening at all. And it’s free.

How does Early Warning work?

The service doesn’t scan your network. It scans a variety of information feeds looking for information relating to signed-up organisations, and if it spots anything, sends those organisations alerts.

These alerts might be:

  • Incident notifications; activity on your network suggesting it has been compromised
  • Notifications of potentially malicious activity; indicators that something on your network may be acting suspiciously
  • Vulnerability and open port alerts; indications of vulnerable services that could be exposed to attack.

The Early Warning system now has around 8,000 organisations signed up. In 2022:

  • 570 organisations were warned about active malware on their network
  • 1,193 were warned about potentially malicious activity on their network
  • 2,270 organisations were warned about vulnerabilities on their network.

This means that many UK businesses were able to tighten up their security before a problem occurred.

Why isn’t every business signed up?

There are about 5.5 million businesses in the UK; that’s a long way from 8,000.

Most of the reason for the slow take up will be lack of awareness, so do tell your business contacts about Early Warning.

However, although the service itself is free–and valuable–you do need to have a static IP address so that it can work, and this is likely to come at a small additional cost, depending on your internet service provider.

What is a static IP address?

An IP (internet protocol) address identifies your device so that you can communicate online with other devices – it means that the network knows where to send data.

A static IP address is one that doesn’t change – it is assigned to you. The other option (and one that is used for most people’s home networks) is a dynamic IP address, which may change frequently.

A static IP address is like your home address, in that you can receive packages there; you can give that address to other people, and they’ll know where to find you.

A dynamic IP address means that although people can still send you information, it might take a little longer to track you down, because your current address might have changed.

For most home broadband users, it doesn’t matter whether you have a static or a dynamic IP address. It makes no difference to your broadband speed, or to your phone line.

How does that help?

Going back to the Early Warning service: a static IP address means that the Early Warning system can know that this particular IP address is yours. (A dynamic IP address might have been yours yesterday, but someone else’s today). The system can look at the millions of pieces of data that it receives, and identify anything related to your IP address. Early Warning will then send alerts to the contact details you gave them when you set up your account, which are associated with your static IP address. Once you get an alert, of course, it’s important to act on it quickly.

It’s easy to sign up to Early Warning: do go and have a look. If you’d like any help from us, on this, on acting on the alerts, or indeed any other cyber security topic, call us on 0113 733 6230, or contact us via the website.