CATEGORIES
CyberScotland BulletinsThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
National Cyber Security Centre (NCSC)
New cyber security training packages launched to manage supply chain risk
The NCSC has published free e-learning to help organisations manage the cyber security risks across their supply chains. The NCSC are delighted to launch two new e-learning packages that will help procurement specialists, risk owners and cyber security professionals to effectively manage risks across their supply chains.
The packages have been designed to accompany the NCSC’s existing guidance on Mapping your supply chain and Gaining confidence in your supply chain cyber security. The package is free to use, and includes knowledge checks. No login is required – just click on the link and start learning.
Read more about it here
The NCSC announces the forthcoming closure of the CCP scheme
The UK Cyber Security Council (UKCSC) took over stewardship of the NCSC’s Certified Cyber Professional (CCP) assured service in 2022, as one of the steps on its journey towards the creation of a new professional standard for cyber security and its long-term goals for individual specialisms within it.
It is the UKCSC’s mission to ensure and maintain the UK’s global leadership in the cyber industry, through the development of this series of professional standards. The Council are ensuring that cyber security practitioners receive the recognition they richly deserve – be it through Associate, Principal or Chartered status, in parity with other chartered professions. They are also ensuring that businesses can make the best, informed decisions when it comes to their cyber recruitment and provision under the new scheme.
The journey from CCP to Chartership: a timeline
Both the NCSC and the UKCSC are working together to ensure that these new standards meet not only the requirements of the UK’s Cyber Security Strategy but also to ensure the longevity of these new awards, as a benchmark of excellence, as the cyber security profession continues to evolve.
Read more about it here
New cloud security guidance: it’s all about the config
Ensuring a robust cloud configuration is a critical investment. The Cloud security guidance that the NCSC relaunched last year focuses on how to choose a good cloud service and gain confidence that your cloud provider can fulfil the responsibility you share with them to help you meet your security responsibilities.
NCSC has launched their new guidance on how to use a cloud service securely. It will help you meet your security responsibilities by ensuring you configure your chosen service well.
The guidance on using a cloud service securely comes in two parts:
- Software-as-a-Service (SaaS) where you configure and consume an application built and hosted by your provider
- Cloud platforms which you use to build and host your own applications using the provider’s services and infrastructure
Read the full article on the NCSC website
Trending Topics
Over 10,000 learners take part in Scottish Computing Science Week
Scottish Computing Science Week, a week of interactive computing science sessions successfully took place from the 15 – 19 May
During Scottish Computing Science Week:
- There were 11 national events.
- Over 10,000 learners joined the live lessons and assemblies from over 390 schools across Scotland.
- Over 700 practitioners joined the sessions.
- The #CSscot23 hashtag has been used over 1,000 times on Twitter
- There have been over 5,000 visits to the DigiLearn blog
- The Computing Science Scotland Week videos on YouTube have had over 1.6k views.
Even though Scottish Computing Science Week is now over learners can still take part in the Scratch Sustainability Challenge or visit the DigiLearn YouTube page for more lessons and activities that learners can take part in.
Read more about it here
MOVEit vulnerability and Zellis data extortion incident
Criminals have exploited a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organisations around the world. More than 100,000 people have been warned their personal data is in the hands of cyber-criminals as a result of the continuing mass hack.
MOVEit is a software which is designed to move sensitive files – such as employee addresses or bank account details – securely and is used by companies around the world.
Payroll services provider Zellis have suffered a data breach as a result, with customer data being stolen. The stolen information relates to employees at eight of Zellis’s customers, including the BBC, Boots and British Airways. It has also been reported that media watchdog Ofcom has become a victim of the mass hack.
An NCSC spokesperson said “The NCSC strongly encourages organisations to take immediate action by following vendor best practice advice and applying the recommended security updates.”
For more information on the MOVEit hack and its effects on Zellis click here
Over £1.2 billion stolen through fraud in 2022, with nearly 80% of cases involving advanced push payment fraud originating online
UK Finance has released its Annual Fraud Report, detailing the amount of money reported by UK Finance members that was stolen by criminals through financial fraud in 2022. This includes:
- Over £1.2 billion was stolen by criminals through authorised and unauthorised fraud in 2022, equivalent to over £2,300 every minute.
- 78% of advanced push payment fraud (APP) cases start online and 18% start via telecommunications.
- The banking and finance industry prevented a further £1.2 billion of unauthorised fraud from getting into the hands of criminals.
Over £1.2 billion was stolen through fraud in 2022, a reduction of 8% on 2021. The number of fraud cases across the UK was down 4% to almost three million cases.
For more details click here
The Cyber and Fraud Centre and Abertay University empower ethical hackers with real-world experience
The Cyber and Fraud Centre is providing opportunities for ethical hackers to gain practical experience in the field while studying. The Cyber and Fraud Centre and Abertay University’s collaboration aims to bridge the gap between academia and industry, providing students with real-world scenarios and experience in a safe and controlled environment.
Through their partnership with Abertay University, the Cyber and Fraud Centre allows students to actively contribute to their professional cyber services. This includes conducting vulnerability scans on organisations’ IT infrastructure, and engaging in phishing resilience exercises, utilising advanced facilities and tools.
Read more about it here
Listen to an official CyberScotland podcast interview with some of the ethical hackers here: Pursuing a Career in Cyber – Ethical Hacking | The CyberScotland Podcast
Microsoft scam: Outlook and Hotmail users are being targeted by fake ‘fraud protection’ emails
If you have a Microsoft Outlook or Hotmail email account, you may need to watch out for fake ‘fraud protection’ emails that prompt you to click on a link. These messages are the latest example of fraudsters impersonating Microsoft.
If you click the link, you’ll be taken to a spoofed login page where you’ll be asked for your email and password. If you enter your details, you’ll be giving the scammers access to your account and potentially any others that share the same email and password. Stolen data may also be used for further scams in future.
Read more about it here
For some tips from CyberScotland on scam e-mails click here
What is a VPN and why use one?
VPNs (Virtual Private Networks) are becoming an increasingly popular method of securing your internet activity by encrypting your data and creating a “private tunnel” between your device and your data’s destination or by changing your device’s IP address.
When you install VPN software from your chosen VPN service provider and activate it, the VPN works by connecting you to a network of servers owned by the provider. These servers serve as an additional layer of security when connecting to the websites you want to access.
To find out more about VPN’s and their benefits click here
Newsletters/Campaigns
Holiday fraud campaign launched
Police Scotland has recently launched a new holiday fraud campaign to raise awareness on the potential risks involved with booking a holiday online. Many people booking their summer holidays may not be vigilant to the possible dangers that come with online booking. In just one year £15.3m was lost to holiday fraud and there was a total of 6,457 holiday fraud victims.
Some tips suggested for securely booking your trip online and avoiding holiday fraud include:
- Use 3 random words to create a strong password for your email that’s different to all your other passwords. If 2-step verification (2SV) is available, always enable it.
- Book your holiday with a credit card, if you have one. Most major credit card providers protect online purchases, and are obliged to refund you in certain circumstances.
- If you fall victim to fraud or cyber crime, please report it to Police Scotland at scotland.police.uk or by calling 101
- Do some research before booking via a company you haven’t used before. You can find a company’s official website by searching for them on Google or another trusted search engine
Read more tips on holiday fraud on the CyberScotland website
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Training and Webinars / Events
Scottish Cyber Awards 2023 date announced
Now entering its 7th year the Scottish Cyber Awards has become the go to event in the cyber calendar. The awards will be taking place at the Assembly Rooms in Edinburgh on 30th November and will be hosted by comedian Fred MacAulay.
Run by the Cyber and Fraud Centre, the awards are a highlight of the Scottish cyber security calendar, providing an opportunity for networking as well as a celebration of achievements in the industry. This year’s awards will include Financial Fraud Team of the Year award, which will recognise a team that has demonstrated exceptional innovation, dedication and expertise in the fight against financial fraud, a rapidly growing crime in Scotland, a Woman of the Year award, Leader of the Year and many more
Applications for the awards are now open, and tickets will be on sale from 2nd October. More information about the awards can be found at https://scottishcyberawards.co.uk/.
Read more about it on the Cyber and Fraud Centre website
Train the Trainer – Exercise in a Box
Exercise in a Box is a tool that recreates real-world business scenarios and tests your cyber resilience in each scenario. It was developed by the NCSC and started as a self-use tool to help organisations test and practice their internal response to many cyber issues.
The Cyber and Fraud Centre have been facilitating sessions over the past few years, which has seen hundreds of organisations learn about it and how it can benefit their organisation. These ‘Train the Trainer’ sessions will take a different approach to the main sessions.
Instead of running through a practical scenario, they will be showcasing how you can facilitate a session in your own organisation. You will learn about how you can drive the most benefit from Exercise in a Box as we share all our learnings about what works and what doesn’t.
Register at one of the locations here:
Time 9:30 – 13:00
NB: Before joining this event it is important to have already joined at one of the main Exercise in a Box sessions, or already be familiar with Exercise in a Box.
Virtual College Expo23
Virtual College Expo – is coming to your screen on Wednesday 21 and Thursday 22 June 2023.
Virtual College Expo23 offers inspirational keynotes, interactive workshops, and thought-provoking seminars. You will leave the event feeling inspired and equipped with fresh ideas and resources to enhance your practice.
It is the perfect opportunity to learn from colleagues who work, study or are otherwise involved in post-16 education and training, and to share ideas and experiences on this year’s theme.
Find out more information and register here
See the programme of events here: CDN Expo Programme 2023
Censis Tech Summit
Save the date for the biggest event in the CENSIS calendar and the largest IoT-centred event in Scotland – the CENSIS Technology Summit
The annual conference takes place this year on Thursday 2 November, returning to the Royal Concert Hall in central Glasgow, marking 10 years of CENSIS innovation in Scotland.
Join the event for a full day of presentations celebrating best practice and leading edge ideas in sensing, imaging and IoT. The event will have a full house of exhibitors from companies from across the country, offering excellent networking opportunities and the chance to catch up with friends and connect with new businesses.
Exhibitor and other partner opportunities will be available soon. Make sure you sign up to receive the CENSIS newsletter to be the first to hear about registration opening or check up on the CENSIS website for further details.
IASME is partnering with the NCSC to deliver the Cyber Advisor scheme.
The Cyber Advisor scheme is a new Industry Assurance scheme run by NCSC and IASME aimed at small organisations without the in-house expertise or access to qualified people to help them secure their networks.
CEO of IASME, Dr. Emma Philpott stated ‘It can be hard to know where to find consultants that offer reliable and appropriate advice on cyber security, especially for SMEs. IASME is proud to deliver the NCSC’s Cyber Advisor scheme to provide a trusted source of good cyber security advice for small organisations’
There are approximately 20 companies ready to offer the Cyber Advisor (Cyber Essentials) service in every nation of the UK and in the Channel Islands. The aim is for many hundreds more companies and Advisors to become certified, allowing UK organisations to protect themselves against future threats.
Companies of any size can apply to join and they particularly welcome companies located in or serving geographically remote or under-represented areas
You can find more information on the Advisor Exam on the Cyber Scheme webpage.
For more general information on Cyber Advisors click here
To learn more about Cyber Essentials listen to this official CyberScotland podcast episode: Cyber Essentials | The CyberScotland Podcast