The chief exec of the National Cyber Security Centre – a branch of the UK's spy nerve-centre GCHQ – has called on everyone to enable two-factor authentication for their emails. This follows revelations that almost the entire population's details are available for sale on the dark web.

Speaking at the Parliament and Internet Conference, Ciaran Martin said nearly everyone's email addresses are available on the dark web, but added that more personal data sets, including national insurance numbers, were much less commonly available.

"We recommend that everyone puts 2FA on their emails," he said. "That will hopefully continue to be significant improvement [in combating] that sort of stolen data."

Martin last week revealed that hackers acting on behalf of Russia had targeted the UK's telecommunications, media and energy sectors.

Speaking at The Times Tech Summit in London, he said: "I can't get into too much of the details of intelligence matters, but I can confirm that Russian interference, seen by the NCSC, has included attacks on the UK media, telecommunications and energy sectors. That is clearly a cause for concern – Russia is seeking to undermine the international system."

But he told delegates today that while GCHQ will need to continue to build up its cybersecurity capability against Russia, Iran, China and North Korea – "that really sophisticated stuff hard to do at scale."

He said most cyber criminals relied on targeting organisations via phishing campaigns and have created management information traffic light dashboards to assess how easy they would be to target.

"Some cybercriminals would pass a Harvard MBA test, if it wasn't for the rampant criminality," he said. Unsurprisingly, he called on organisations to do more to prevent such attacks by improving their infosec.

"My goal is that our best people can spend more time on these threats [of state adversaries] and the UK as whole can become better equipped for the digital age."

On the subject of smart meters, he said: "That is a controversial system, but it was an opportunity for us to get past legacy systems to build security in from start." Smart meters have been criticised for not being adequately secure prior to GCHQ stepping in.

"It would need to be three simultaneous state-level attacks to do national harm [to smart meters]," he said. ®