The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
Education, Skills and Training Bulletin
The CyberScotland Partnership recently shared our new Education, Skills and Training Bulletin. This bulletin is dedicated to forthcoming educational opportunities relating to cyber resilience and cyber security. Read it online, and subscribe to be notified when the next issue is released.
National Cyber Security Centre (NCSC)
Cyber Threat Report: UK Charity Sector
The NCSC has launched a report for the UK Charity Sector.
This report is to help charities understand current cyber security threats, the extent to which the sector is affected and why they can be particularly vulnerable, and where charities can go for help. It includes case studies, including from the Edinburgh Festival Fringe Society, and lots of useful links to guidance, training and services which offer support.
NCSC Threat Report
The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here. To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.
Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).
State-sponsored spear-phishing campaign alert
NCSC has warned of the threat from targeted spear-phishing campaigns against organisations and individuals carried out by cyber actors based in Russia and Iran.
The advisory shares details about the techniques and tactics used by the attackers as well as mitigation advice. Organisations and individuals are urged to stay vigilant to potential approaches and take action to secure online accounts.
The NCSC’s Reporting Service
The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.
As of December 2022, Suspicious Email Reporting Service (SERS) has received over 16 million reported scams since its launch in 2020, which have resulted in 110,000 scams have been removed across 200,000 URLs.
You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.
In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.
In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.
If you become a victim of cyber crime you can report this to Police Scotland by calling 101.
Trending topics
CyberScotland Week, 27th February – 5th March 2023
It’s less than 3 weeks to go until CyberScotland Week. Throughout the week, you’ll have the opportunity to participate in a wide range of interactive sessions, workshops, and panel discussions led by experts in the industry.
Over 80 events have been confirmed so far, with topics ranging from managing your digital footprint, tackling fraud, understanding threats aimed at businesses and charities, and information about pursuing a career in cyber security.
Confirmed events include:
- Cyber Security 2023 Conference: in Glasgow, looking at government policy around digital security
- OT & IT Cyber Summit: in Aberdeen, for those working in the critical infrastructure centre
- Career Progression in Cyber: online, discussing the various career routes into cyber security
- CyberFirst Development Days: various locations, designed to increase understanding of the different specialisms within cyber security and equip girls with valuable, in-demand skills
- Cyber Security Basics: webinar, learn how the internet is continually evolving and how criminals can use this to their advantage.
- Cyber Threats to Charities: webinar, learn the reasons why a charity may be a target
This is a fantastic opportunity for you and your organisations to stay secure online and learn how you can protect yourself, protect your business and be more cyber aware.
Visit the CyberScotland Week website to view the full event listing and book your space.
Keep up to date on social media: Facebook, Twitter, LinkedIn #CSW2023
CyberFirst Girls Competition
The CyberFirst Girls Competition is the NCSC’s flagship cyber security contest for schools, which opens annually to girls in S2 in Scotland. The competition final took place last weekend, with school girls across the country taking part.
The finalist worked in teams to crack cyber-related puzzles, with the top-scoring team in each home nation or region crowned the local champion. Thirteen teams around the country claimed victory at the finals with Stirling High School winning in Scotland. The winners from each region will be invited to a dinner and celebration day taking place later this year.
The top 3 Scottish schools were:
- 1st Place – Stirling High School
- 2nd Place – Hyndland Secondary School
- 3rd Place – Douglas Academy
The competition aims to inspire girls to consider pursuing careers in cyber security, as currently female representation in the sector is low, with women accounting for just 22% of the UK’s cyber workforce.
The CyberFirst programme offers a range of free opportunities aimed at offering young people the skills, opportunities and exposure they need to thrive in cyber security.
Safe Online Dating
The majority of accounts on dating websites are genuine people looking for romance, but fraudsters have been known to target those looking for love.
You could be at risk of falling victim to romance fraud. This is when your date uses the illusion of a friendship or relationship in an attempt to gain your trust so they can try to manipulate you, usually for financial gain.
Get Safe Online has shared some advice on dating online with safety and confidence.
You can read our blog on Romance Fraud for additional practical advice on how to keep yourself and your bank account and savings protected whilst meeting people online.
Newsletters / Campaigns
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Training and Webinars / Events
Public and Third Sector Cyber Roadshow, SBRC
Scottish Business Resilience Centre (SBRC) is delivering a series of events for public and third-sector organisations across the country.
These events will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2023. Everything discussed will tie in with additional resources available and will help you fully utilise these within your organisation or charity. Each event will be in person giving everyone an excellent chance of networking with others working within the public and third sector with an interest in cyber security.
Book for an upcoming event
NCSC Digital Loft: Updating the Cyber Essentials technical requirements for 2023
The NCSC and its Cyber Essentials delivery partner, IASME, have announced that the technical requirements for Cyber Essentials will be updated in April.
This annual update aims to ensure that organisations with Cyber Essentials continue to guard against the vast majority of common cyber attacks.
To coincide with the publication of the refreshed requirements, NCSC will be hosting a deep dive session on the technical changes on the 14th of March 2023.
Register today to get a preview of the changes and make sure you have all the info you need before the update goes live in April.
You can register here for the 14th March.
Cyber Security for Small Businesses
In November, the National Cyber Security Centre and Information Commissioner’s Office ran a webinar giving simple, practical advice to small organisations to improve cyber security and data protection compliance.
They break down the types of cyber incidents that could affect small businesses and provide useful tips on how to avoid becoming a victim of such attacks. They also provide guidance on what small businesses need to do if they’re subject to a cyber-attack.
You can report cyber crime to Police Scotland by calling 101. The Scottish Business Resilience Centre’s Cyber Incident Response Helpline (0800 1670 623) can support organisations that have been a victim of an attack and provide expert guidance to get back to secure operations.
Watch the recording