CyberScotland Bulletin

May 2023


The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media: follow us on Twitter and LinkedIn.

National Cyber Security Centre (NCSC)

Cyber Essentials technical requirements v3.1 goes live

Version 3.1 of the Cyber Essentials Requirements has been released. All Cyber Essentials certifications started on or after the 24th of April will be assessed using this version.

As first previewed in January, this 2023 update is a ‘lighter touch’ than the major update in 2022. However, it features several clarifications and some important new guidance. Further details on these changes can be found in the NCSC’s earlier news article and in a blog post from their Cyber Essentials delivery partner, IASME. A refreshed set of FAQs is also available.

This update is part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats. All changes are based on feedback from assessors and applicants and have been made in consultation with technical experts from the NCSC. As well as the updated requirements and new question set, IASME are also providing more guidance documents to help applicants during the certification process. This includes articles to help applicants understand the questions, as well as access to a dedicated knowledge base. These resources will become available over the coming months.

Read more about it here

CYBERUK 2023

CYBERUK 2023, the UK’s flagship cyber security event run by the NCSC, was successfully held in Belfast on 19-20 April. The theme for 2023 was securing an open and resilient digital future.

The event examined how today’s cyber ecosystem – a sector worth £10 billion to the UK economy – can strengthen, join together and innovate in order to resist the threats, be ready for the opportunities and keep the UK the safest place to live and work online.

In her closing remarks NCSC CEO Lindy Cameron said “We’ve had fascinating speeches & panel discussions, opportunities to meet new people & connect with new contacts. What makes this event is having you here, making those conversations about how to make the future better. Thanks to all of you. For coming, both in-person and online. It’s been really special to be here in Belfast and I hope you’ve enjoyed it as much as me. As is tradition, we’re pleased to announce the location for #CYBERUK24: Birmingham. Safe home and thank you for the craic.”

Head over to the official CYBERUK YouTube page here to find exclusive videos and interviews between Lindy Cameron and Jen Easterly, Hermann Hauser and many more.

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.

As of January 2023, the Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which has resulted in 114,000 scams being removed across 209,500 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.


If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Trending topics

Microsoft users are being targeted by scammers with ‘storage full’ emails

If you use Microsoft and you’ve received emails warning you that your storage is full, it’s worth double-checking that they’re legitimate. Phishing emails impersonating Microsoft have been seen that try to trick you into giving away personal data in order to get more storage.

Any suspicious emails should be forwarded to report@phishing.gov.uk, where they will be investigated by the National Cyber Security Centre (NCSC). Scam websites can also be reported to the NCSC on its website.

To report scam emails on a Microsoft account, click on the three dots in the top right-hand corner of the email, select ‘Report’ and then ‘Report phishing’.

Read more about it here: Scammers are targeting Microsoft users with ‘storage full’ emails

Cyber security breaches survey 2023

The Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the National Cyber Strategy. It is primarily used to inform government policy on cyber security, making the UK cyberspace a secure place to do business. The study explores the policies, processes and approach to cyber security for businesses, charities, and educational institutions. It also considers the different cyber attacks and cyber crimes these organisations face, as well as how these organisations are impacted and respond.

The 2023 publication includes coverage of the following areas:

  • prioritisation, information seeking (including use of government guidance) and decision making on cyber security, including among organisations’ management boards
  • cyber security approaches, covering risk management (including cyber insurance and supply chain risks), technical controls, staff training and responsibilities and governance
  • the cyber threat landscape, including identification of cyber security breaches or attacks, their outcomes and impacts, their estimated financial cost
  • incident response approaches and reporting of cyber security breaches or attacks
  • the prevalence, nature, scale and financial costs of cyber crime, as well as the prevalence, nature and scale of fraud that occurred as a result of cyber crime.

Read the 2023 Cyber security breaches survey here

Getting Companies House in order: the rise of fraud on the UK’s company register

Companies House, founded in 1844, is responsible for maintaining the definitive register of UK companies.

The cost of registration fraud

  • Individuals have their names and identities stolen, or are tricked into parting with their money.
  • Banks and government departments are tricked into approving business loans and grants. 
  • HMRC and debt collectors are unable to track down the true owner of a company.

The Economic Crime and Corporate Transparency Bill will introduce compulsory identity verification checks for every new company officer before a company can be formed. Additionally, Companies House will be able to query filed information it believes is ‘suspicious, misleading or fraudulent’. However, users will need to continue to exercise caution when the new rules come into force, as it may take years for existing companies to be checked in the same way as new ones.

Read more about it here

UK government’s new fraud strategy to ‘block scams at the source’

The government has stated that it is stepping forward in the fight against scammers with its new Fraud Strategy, which includes action to block fraudulent communications at their source and allow suspect payments to be delayed.

Prime Minister Rishi Sunak stated that “Fraud now accounts for over 40% of crime. It costs us nearly £7 billion a year and we know these proceeds are funding organised crime and terror. What’s more, new technologies are making these scams easier to do and harder to police.

It’s time to take the fight to the scammers and fraudsters, and put an end to these crimes which can devastate lives and livelihoods within seconds.”

Among the many aspects of the new strategy, aiming to deliver a 10% cut in fraud on 2019 levels by December 2024, the government will:

  • establish a new national fraud squad with over 400 new posts and make fraud a priority for the police
  • deploy the UK intelligence community and lead a new global partnership to relentlessly pursue fraudsters wherever they are in the world
  • ban SIM farms which are used by criminals to send thousands of scam texts at once
  • ban cold calls on financial products so fraudsters cannot dupe people into buying fake investments
  • stop fraudsters from being able to send mass text messages by requiring mass texting services to be registered, subject to a rapid review

For more information on the Fraud Strategy click here

The full document is available here: Tackling fraud and rebuilding

Microsoft aims to get more women into cyber security

Microsoft is expanding their cyber security skills initiative to the United Kingdom, Chile, Indonesia, and Spain, and delivering grants to nonprofits to help skill people for the cyber security workforce.

The demand for cyber security skills has grown by an average of 35% over the past year, while the volume of cyber attacks has increased by 74% in just one year. Women make up only 25% of the global cyber security workforce, so Microsoft is launching new partnerships with organizations focused on skilling women in cyber security.

That is why they are launching a series of new partnerships with organizations focused on skills education for women in cyber security.

Read more about it here

World Password Day on 4 May 2023

The first Thursday of May is World Password Day, established to help raise awareness of the importance of strong passwords.

Passwords are an important step in keeping our accounts secure online, and one that many people undervalue.

Methods to help you choose a strong password include:

  • Combining three random words. See this blog from NCSC about why the technique works.
  • Use a different password for all your accounts. This makes it more difficult for hackers to break into your account.
  • NCSC encourages people to use password managers which can help create strong passwords for you (and remember them).

Check out our guide on choosing strong and separate passwords here for more in-depth advice.

Newsletters / Campaigns

Free handbook offered to SMEs to fight rising levels of cybercrime

Cyber Strategy for Small Organisations, a comprehensive new guide, has been produced by the country’s leading experts in the field – the CyberScotland Partnership – to help SMEs combat the ever-growing threat of cybercrime.

The guidebook outlines short, medium, and long-term priorities SMEs should consider when developing their own cyber security strategy, with tactics ranging from password protection and backups, to undergoing a security audit and obtaining certifications.

The free handbook was created by ethical hackers at the Cyber and Fraud Centre – Scotland, one of the Partnership’s founding partners, and was written specifically for people without any technical background in the subject.

Its publication comes as the latest research from Vodafone reveals that more than half (54%) of UK SMEs experienced some form of cyber attack in 2022, up from 39% in 2020.

  • Read more about it here
  • To read or download a free copy of the Guide at the CyberScotland website click here
  • To hear an official CyberScotland podcast episode on the Guide click here

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Training and Webinars / Events

Cyber and Fraud Centre Public and Third Sector Roadshow

The Cyber and Fraud Centre is hitting the road and will deliver a series of events for Public and Third sector organisations across the country. These events will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2023.

Everything discussed will tie in with additional resources available and help you fully utilise these within your own school, college, or university. There will be guest speakers at each event, but the overall topics will be the same across the board. Each event will be in person giving everyone an excellent chance to network with others working within education and academia interested in cyber security.

The dates include:

Cyber and Fraud Centre Cyber Executive Education Programme

In today’s landscape of escalating cybercrime, mitigating cyber risk is not the Chief Information Security Officer’s responsibility alone — it is everyone’s job.

Getting ahead of hackers and other security risks requires the active engagement of non-technical management and an overall commitment to building a cyber security culture within your organisation.

This programme, which is developed and delivered by Ciaran Martin, former CEO of the National Cyber Security Centre, provides CEOs, Directors and Non-Executive Directors with frameworks and best practices for managing cyber security-related risk, separate from the specialised IT infrastructure typically associated with this topic.

This two-day, in-person course includes lectures from Ciaran Martin and the Cyber and Fraud Centre’s Head of Ethical Hacking and Professional Services, Declan Doyle, and highly interactive discussions, as well as case studies related to:

  • Increasing your overall cyber security awareness.
  • The role non-tech leaders play in cyber security management.
  • Actionable ideas to increase cyber resilience.
  • How to measure your organisation’s cyber-safety level — and how it’s changing over time.
  • How to speak the language of cyber security to enable informed conversations with your technology teams and colleagues and ensure your organisation is as cyber secure as possible.

For more information or to sign up click here

There will be 3 modules delivered over the 2 days, and there will be interactive case study work outside of the programme in groups. For more details on the modules, click here.

Scottish Computing Science Week presents opportunities for focusing on cyber security

Put a hold in your planner for the week of the 15th May 2023 and join CSscot23 for exciting interactive live computing science lessons. Below is the exciting offering for CSscot23 but remember to keep your eyes peeled for more updates and details as they release them (everything will be added here)!

Let them know what you’re planning to join or anything you’re planning in your own setting on Twitter @digilearnscot #CSscot23

To see the range of sessions and sign up click here
