CyberScotland Bulletin

August 2022

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

Scottish Cyber Winner 2021
Section DIGI Ken?

DIGI Ken?

Last month, we launched CyberScotland’s ‘DIGI Ken?’ TV adverts. The adverts aim to raise awareness of the steps users can take to ensure they stay secure online.

These are based on the NCSC’s Cyber Aware key actions of choosing strong passwords consisting of 3 random words, turning on 2-Step Verification and updating your devices. Installing the latest software and app updates as soon as they are available helps to keep devices safe from online threats. The NCSC has published advice to help individuals do this promptly.

Find out more and watch the videos here.

Section National Cyber Security Centre (NCSC)

National Cyber Security Centre (NCSC)

NCSC announce Cyber Advisor scheme for Cyber Essentials

National Cyber Security Centre (NCSC) is inviting organisations to help develop a new Cyber Advisor service.

A Cyber Advisor will be an individual assessed by the NCSC as having a good understanding of baseline security controls and the ability to provide practical help to companies who want to achieve them. Qualified Cyber Advisors will initially focus on helping their customers meet Cyber Essentials, a baseline to help guard against the most common cyber attacks. The advisor will assess the customer and its internet-facing IT, helping to identify where organisations meet (or don’t meet) the Cyber Essentials controls.

To launch this service, the NCSC is now inviting both individuals and organisations offering cyber advice to register their interest in the scheme.  All applications will be received by the Cyber Advisor delivery partner IASME, and advisors need to be part of an Assured Service Provider organisation to be able to carry out this service. The initial 100 Cyber Advisor assessments will be funded by the NCSC.

scott-graham-OQMZwNd3ThU-unsplash
Section

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

The NCSC are not aware of any specific, targeted cyber threats to the UK as a result of the Russian invasion of Ukraine but is encouraging organisations to remain vigilant and follow their advice to improve your security.

The NCSC has urged organisations to prepare for an extended period of heightened threat and has published guidance aimed at supporting staff resilience.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites. As of July 2022, the NCSC has received over 13 million reported scams which have resulted in 91,000 scams being removed across 167,000 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Section Trending Topics

Trending Topics

Protecting children and young people online

If you are a Parent or Carer you will no doubt have concerns about your child or young persons’ access to online activities. In our latest blog, we share guidance, resources, and signpost to organisations that support victims of online crime.

Cyber First Aid Box

Education Scotland has launched a new Cyber First Aid Box for families. Designed in partnership with Decode Cyber Solutions and Education Scotland’s digital skills team, this resource contains information about cyber security and will help you support your child’s recovery after a negative online experience. It asks you a series of questions to help you determine the best response to a harmful online incident, including how to approach the subject with children and young people. It provides practical information about online safety and security and has some useful advice to support both your child’s emotional wellbeing and your own emotions.

Cyber First Aid Box
Section

SBRC to deliver Exercise in a Box workshops

Scottish Business Resilience Centre (SBRC) will be delivering the National Cyber Security Centre’s ‘Exercise in a Box’ programme for a third year.

SBRC will run an extended programme of online and in-person workshops for those in the public sector as well as teams working in health, housing, and social care in Scotland’s third sector, to take them through cyber exercising.

The ‘Exercise in a Box’ workshops, which has already benefited 450 organisations helping them to find out how resilient they are to a cyber attack. The workshops help you to evaluate your readiness to respond to cyber incidents. In a session, you will be asked several cyber-related questions based on a specific area of cyber security, to help you better understand some of the risks that you are currently exposed to and where improvements may be required. The workshop topics previously included mock scenarios such as a third-party software compromise, a ransomware attack and a threatened sensitive data leak. The next event series will run for 12 months and include a range of new scenarios.

Organisations interested in learning more about ‘Exercise in a Box’ are invited to attend an online taster session on the 25th of August, 10am.

Section

Checking fraudulent websites

Opportunistic criminals can create fraudulent websites and make them look professional or convincing as a way to steal your personal data. It’s important to make sure that you are on a legitimate website before sharing your personal information. Consumer Rights organisation Which?, has shared tips to help you identify and avoid scam websites.

Get Safe Online has partnered with Cifas, the UK’s leading fraud prevention service, to launch ‘Check-a-Website’. Check a website is an easy-to-use online tool which helps determine whether a website is likely to be legitimate or a scam before you visit it. Provided in the UK by Get Safe Online, in conjunction with Cifas, ScamAdviser, Barclays and other partners, it cleverly uses an algorithm to provide a trust score based on more than 40 data sources as well as thousands of reports of malicious websites from law enforcement agencies, regulators and consumer brands every week.

Hosted on Get Safe Online’s UK website, individuals can also access this new feature here. https://www.getsafeonline.org/checkawebsite/

CheckaWebsite_Instagram_post-3
Section Newsletters / Campaigns

Newsletters / Campaigns

Cost of Living – Scams Awareness Campaign

In conjunction with a number of partners, Trading Standards Scotland (TSS) will be launching a month-long campaign aimed at raising awareness of potential scams linked to the ongoing cost of living crisis. As prices and bills continue to rise, many consumers will have financial worries heading into autumn and winter. Scammers may attempt to exploit these anxieties and target people online and via cold calls, emails and text messages in an attempt to obtain their personal details and bank account information.

Each week of the campaign will focus on a different issue which is likely to affect Scottish consumers – case studies will be highlighted and information-sharing webinars will be held to help people recognise and avoid scams in these areas.

In each week of the campaign, the work of the Scottish Illegal Money Lending Unit will also be highlighted.

 

A breakdown of each themed week is as follows:

  • Week 1 – Impersonation Scams
  • Week 2 – Energy Scams
  • Week 3 – Financial Scams
  • Week 4 – Counterfeit Goods and Online Shopping

The campaign will launch on Monday 5 September. If you are interested in signing up for any of the webinars, please contact Laura Jamieson at laura@cosla.gov.uk for more information.

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Section

Neighbourhood Watch Scotland

Sign up to the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Section Training and Webinars / Events

Training and Webinars / Events

Fun and interactive cyber security training, Scottish Union Learning, 14 and 21 September

Public sector workers: Do you want to improve your cyber security habits and learn how to use security apps? Here’s how to do it without boring presentations or complicated technical instructions.

Up your knowledge and confidence on this micro course run over two 2-hour sessions. You’ll earn a certificate and (real!) badge on completion. You don’t need any technical knowledge or experience to take part.

Feedback from other public sector workers say that this course is “friendly and non-patronising” “entertaining and informative” “first class” “very clear and not full of tech language” “thoroughly enjoyable” “clear and non-judgmental” “just what I needed but was too afraid to ask”

Join us and register your place now

Practical workshop image 768×430
Section

Scottish Cyber Awards 2022

Applications are open for the Scottish Cyber Awards. These awards, hosted by the Scottish Business Resilience Centre, have 12 categories which celebrate the outstanding individuals and organisations in the Scottish cyber industry.

CyberScotland is thrilled to be sponsoring the new ‘Cyber Community Award’ this year, which recognises those who are delivering the cyber message and helping build the Cyber Community of Scotland. SBRC is looking to hear about communities you are involved in or have created where cyber is playing a part. This can range from a cyber meetup of tech-minded individuals to delivering cyber education to the elderly in your community. Nominations are welcomed by either individuals or groups.

If you or someone you know has made a difference to the cyber security of Scotland then send in your nominations today!

Applications close on the 31st of August 2022.

MicrosoftTeams-image (6)
Section

9/12 Strategy Challenge

The Cyber 9/12 Strategy Challenge is a cyber policy and strategy competition where students compete in developing policy recommendations tackling a fictional cyber catastrophe. Dewar Cyber Consulting Ltd, the Atlantic Council, the Scottish Government and Abertay University are bringing a new iteration of the Cyber 9/12 Strategy Challenge to the cyberQuarter, Abertay University, Dundee, on the 18 and 19 October 2022.

Over 2 days, teams of students from Scottish universities and colleges will work together to craft actionable policy recommendations in response to a scenario that examines cyber threats to resilience before presenting them to a panel of industry professionals.

Are you currently enrolled in a degree-awarding university or college? Then we want you to build a team and take on an exciting, escalating simulated cyber incident.

Register your team here. Registration closes on Tuesday, September 13th

Are you a cyber security professional with experience in dealing with cyber crises at a high level, or an academic with an interest in crisis management? Then apply to be on our expert judging panel and put the students through their paces.

Register to join as a judge.

912 Strategy Challenge
Section

SANS CyberThreat 2022, 12 and 13 September

CyberThreat 2022, is a two-day technical conference hosted by the NCSC and SANS Institute. Designed for security practitioners, it includes presentations from cyber security experiences and features hands-on opportunities for delegates to get involved in problem-solving activities and challenges. This event takes place in London, and some keynote presentations will be available to watch online. To register and find more information visit the SANS – CyberThreat website.

Cyber Threat 2022
Section Technical Annex

Technical Annex

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up to receive the technical bulletin.

Read the latest bulletin here

SBRC have launched a new Threat Intelligence webpage where they will share the latest threat alerts from their cyber and businesses resilience teams. Check here for new alert notifications.

Scottish Government
Police Scotland
Cyber and Fraud Centre – Scotland
Back to top of the page