Re: What is the NCSC really for?
For businesses they actually do quite a lot - there are a series of industry-specific forums (CiSP) to share information and intelligence about current and emerging threats, and they have a very handy service called Early Warning where you can register your domain names and IP subnets to receive early warning information if they appear on a number of blacklists, including several that aren't commercially available.
I'd strongly encourage any sysadmin to get their company to register with Early Warning (https://www.ncsc.gov.uk/information/early-warning-service). CiSP is less convenient for small businesses but again I'd say essential for anyone who is part of an IT Security team or has sufficient spare resource to spend the time monitoring the forums.
Biting the hand that feeds IT
