The NCSC has published guidance on two ideas at the heart of modern cyber defence: observability and threat hunting. The language is technical, but the message is simple and applies to businesses of every size — you can't catch an attacker in a part of your systems you can't see.

What the NCSC is saying

The NCSC's view is that observability (having a clear picture of activity across your networks, devices, accounts, applications and cloud services) is the foundation for threat hunting (proactively looking for signs of intrusion). As its CTO put it, "you can't hunt what you can't see." The problem is that most organisations have blind spots — "dark corners" like unmonitored cloud services, personal devices, or unofficial "shadow IT" that no one signed off.

It also makes a more advanced point: relying only on simple indicators like bad IP addresses or file fingerprints isn't enough, because attackers change those constantly. Better detection looks at how attackers behave — their tactics and techniques — which is much harder for them to disguise.
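The gap between indicator matching and behaviour-based detection can be shown in a few lines. This is an added example, not code from the NCSC guidance or from this post: the events, the indicator feed and the single parent/child process rule are constructed for illustration, and the IP addresses come from documentation-only ranges.

```python
# Constructed process-creation events (not real telemetry).
EVENTS = [
    # Office document launches a script host, connects to an address already in the feed.
    {"host": "pc-01", "parent": "winword.exe", "image": "powershell.exe",
     "sha256": "HASH-POWERSHELL", "dest_ip": "203.0.113.10"},
    # Same behaviour, but the attacker has moved to a new address.
    {"host": "pc-02", "parent": "excel.exe", "image": "powershell.exe",
     "sha256": "HASH-POWERSHELL", "dest_ip": "198.51.100.77"},
    # An administrator opening PowerShell by hand: legitimate use of the same tool.
    {"host": "pc-03", "parent": "explorer.exe", "image": "powershell.exe",
     "sha256": "HASH-POWERSHELL", "dest_ip": None},
    # Ordinary browsing.
    {"host": "pc-04", "parent": "explorer.exe", "image": "chrome.exe",
     "sha256": "HASH-CHROME", "dest_ip": "192.0.2.5"},
]

# Constructed indicator feed: one known-bad IP and one known-bad file hash.
BAD_IPS = {"203.0.113.10"}
BAD_HASHES = {"HASH-KNOWN-MALWARE"}

# Assumed behavioural rule: a document application should not start a script host.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def indicator_hits(events, bad_ips, bad_hashes):
    """Hosts flagged because an event matches a known-bad IP or file hash."""
    return [e["host"] for e in events
            if e["dest_ip"] in bad_ips or e["sha256"] in bad_hashes]


def behaviour_hits(events):
    """Hosts flagged because of what happened, whatever the IP or hash was."""
    return [e["host"] for e in events
            if e["parent"].lower() in OFFICE_APPS
            and e["image"].lower() in SCRIPT_HOSTS]


def missed_by_indicators(events, bad_ips, bad_hashes):
    """Hosts the behavioural rule catches that the indicator feed does not."""
    flagged = set(indicator_hits(events, bad_ips, bad_hashes))
    return [h for h in behaviour_hits(events) if h not in flagged]


if __name__ == "__main__":
    print("indicator feed flags:", indicator_hits(EVENTS, BAD_IPS, BAD_HASHES))
    print("behaviour rule flags:", behaviour_hits(EVENTS))
    print("missed by indicators:", missed_by_indicators(EVENTS, BAD_IPS, BAD_HASHES))
```

The legitimate tool on pc-02 has a clean hash and talks to an address nobody has reported yet, so only the behavioural rule sees it, while the administrator on pc-03 is left alone.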

Why this matters for your business

Many smaller businesses still rely on little more than basic antivirus and hope. The trouble is that modern attackers increasingly "live off the land" — using legitimate tools and stolen logins so they look like normal activity. Without visibility and active monitoring, an intruder can sit inside a network for weeks unnoticed. The earlier you can see and stop them, the smaller the damage.

What to do

  1. Map your blind spots. Know every device, cloud service and account that touches your business — including the unofficial ones.
  2. Turn on logging and keep it. You can't investigate what wasn't recorded.
  3. Move beyond basic antivirus to modern endpoint detection and response (EDR) that flags suspicious behaviour, not just known viruses.
  4. Have someone actually watching — alerts only help if they're seen and acted on.

This is the heart of what managed security delivers: visibility across your systems and someone keeping watch. We provide exactly this for businesses across Greater Manchester. Get in touch if you'd like to understand your current blind spots.

Source: Strengthening national cyber resilience through observability and threat hunting — National Cyber Security Centre