CyberScotland Bulletins
The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media: follow us on Twitter and LinkedIn.
CyberScotland Partnership funding initiative now inviting proposals
We are excited to announce the CyberScotland Partnership funding initiative is now inviting proposals!
The Scottish Government’s latest funding proposal programme has been launched, which is aimed at strengthening cyber resilience within specific target groups.
We invite organisations to submit a proposal for grant-funded activity, where your organisation can receive funding ranging from £5,000 to £50,000. Collaborative proposals are also welcomed, fostering the spirit of cooperation and knowledge sharing within Scotland’s cyber security community.
Proposals must be submitted by Monday 24 July 2023
Find more details about it here
Download the Outline Proposal Form here
National Cyber Security Centre (NCSC)
Active Cyber Defence: Sixth annual report now available
New ACD services developed to help protect SMEs from the harms caused by cyber attacks.
The sixth annual report from Active Cyber Defence highlights the success of a “whole-of-society” approach in preventing millions of cyber attacks from reaching UK organisations and citizens each year.
The rationale for producing the report has remained constant during this time: a commitment to transparency, and basing their interventions on unbiased data and evidence to better understand the reality of cyber attacks, as well as the efficacy of their products and services.
The findings from the report included:
- A record-breaking 7.1m suspicious emails and websites reported to authorities in 2022 – equivalent to one every five seconds
- Nearly a quarter of a million malicious website links directly removed from the internet since April 2020
- It took less than 6 hours on average for the NCSC to remove reported malicious URLs from the internet.
- Businesses’ sign-ups to NCSC services up 39% in 2022 with launch of SME-specific tool empowering non-technical users to boost resilience
Read more about it here
NCSC CEO, Lindy Cameron’s speech on security and AI
In a major speech, Lindy Cameron highlighted the importance of security being built into AI systems as they are developed and not as an afterthought. She also emphasised the actions that need to be taken by developers to protect individuals, businesses, and the wider economy from inadequately secure products.
Cameron stated:
“We know, from experience, that security can often be a secondary consideration when the pace of development is high. AI developers must predict possible attacks and identify ways to mitigate them. Failure to do so will risk designing vulnerabilities into future AI systems.”
Read the full details here.
New techniques added to the NCSC’s ‘risk management toolbox’
Refreshed guidance published to help practitioners manage cyber risk.
It has been 5 years since the NCSC last updated their risk management guidance. Since then, a lot has changed in the worlds of global politics, technology, and cyber security.
Among the changes in the update are three entirely new sections:
- Firstly, they have developed an 8-step cyber security risk management framework to help you understand ‘what a good approach to risk management looks like’ for your organisation
- Secondly, they have introduced the idea of a cyber security risk management toolbox.
- Thirdly, they have added a basic risk assessment and management method for readers who are new to risk management, or have a very simple risk management requirement.
Read more about it here
Cyber Threat Report: UK legal sector
Updated report from the NCSC highlights the key threats that the UK legal sector faces and how to improve its cyber security.
The purpose of the report is to help law firms, lawyers and legal practices understand current cyber security threats, and the extent to which the legal sector is being targeted. It then offers practical guidance on how organisations can be resilient to these threats.
Read more about the document here
Read the full report here
Trending Topics
2023 Cyber Essentials Survey
The findings from the 2023 Cyber Essentials survey commissioned by the Department for Science, Innovation and Technology indicate a range of positive changes in cyber behaviours from respondents after attaining Cyber Essentials certification.
Some of the key takeaways from the investigation include:
- 90% of the responding organisations felt that they received helpful support during certification.
- 67% of all respondents, including lapsed users, said that they would recommend Cyber Essentials to others.
- 71% of respondents reported an improved understanding of cyber security after going through the Cyber Essentials process.
Find out more about Cyber Essentials here
Or learn about Cyber Essentials by listening to an official CyberScotland podcast – Cyber Essentials
NCSC marks 20th anniversary of first response to state-sponsored cyber attack
The NCSC is marking the twentieth anniversary this month of GCHQ’s first response to a cyber attack perpetrated against the UK Government by another state.
A government employee detected unusual activity on one of their workstations and a suspected phishing e-mail was identified. This led to an investigation that later concluded that the intent of the attack had been cyber espionage by a nation state, setting in train a mission that today is at the heart of NCSC operations; namely, understanding and responding to cyber threats to the UK.
Unlike today, in 2003 there was no government agency set up to deal with cyber attacks, nor was there a dedicated national incident management function. This all changed in 2016 with the establishment of the National Cyber Security Centre, a part of GCHQ.
Read the full story here
Safeguarding social service organisations: the importance of cyber security
With ongoing digital advances, it’s important for social service organisations to recognise potential cyber security threats and understand the significance of implementing robust safeguards, along with appropriate policies, processes and continuous staff training.
What are the top three cyber security threats?
- Ransomware attacks.
- Data breaches.
- Phishing and social engineering.
What technologies are available?
- Firewalls and intrusion detection systems.
- Secure network infrastructure.
- Endpoint security solutions.
The social service sector is a prime target due to the sensitive and valuable data it holds. The Scottish Social Services Council has therefore put together a blog to help offer guidance and strengthen the social services sector against cyber crime.
Read the full article here
Girvan Academy host CyberFirst Schools Awards
Girvan Academy in South Ayrshire hosted the CyberFirst Schools Awards, where secondary pupils from the region gathered. The awards, organised by the NCSC in partnership with Education Scotland, recognise exceptional performance and innovative projects by students. Girvan Academy proudly showcased their newly refurbished Computing Science department, including a state-of-the-art ‘cyber lab,’ highlighting their pioneering efforts in cyber security education.
Interim Chief Executive of Education Scotland, Gillian Hamilton said:
“It is fantastic to see teachers and young people from across South Ayrshire come together for the CyberFirst Schools Awards. I am pleased that Education Scotland is now a regional partner with the National Cyber Security Centre. Cyber skills are crucial for the future success of our children and young people who face a rapidly evolving digital world.”
Read more about it here
The Equality Roadmap: Elevating Women in Cyber
New paper published by the UK Cyber Security Council
To celebrate International Women’s Day in 2023, the UK Cyber Security Council held their Elevating Women in Cyber Symposium.
This paper is a culmination of the talks, workshops, and discussions that took place around the topic of encouraging more women to join and remain in the cyber security sector.
Read more about it here: The Equality Roadmap: Elevating Women in Cyber
New research published to reveal digital youth work picture across Scotland
YouthLink Scotland has carried out an in-depth Digital Youth Work Survey, canvassing projects from across Scotland to understand what’s happening, where it’s happening and how the youth work sector can be supported to build capacity for cyber resilience.
The results showed that 70% of projects are currently using digital technologies to deliver youth work activities. The increased focus on digital activities is having a positive impact on young people’s employability, with 68% of projects supporting young people to improve their digital skills and knowledge.
Find out more here
The robotic falcon maker who lost £100,000 to cyber criminals
Entrepreneur John Donald sells robotic falcons around the world but still can’t believe that he fell victim to cyber-crime during the pandemic. He was targeted by a caller who claimed that they were from a joint banking task force and had discovered fraud in his account.
After much panic, a friend put Mr Donald in touch with the CyberScotland partner Cyber and Fraud Centre Scotland and six weeks later, his bank refunded the missing money.
The Centre’s CEO Jude McCorry said others had not been so fortunate. She added: “Instead of always reacting to these crimes, we need to look at how we prevent it.”
Police Scotland is investing an additional £4.3m in its cyber-crime strategy to buy new equipment and provide training for all of its operational officers.
Read the full article here
Microsoft UK pledges support for Digital Skills for Defence
Personnel across the Ministry of Defence will benefit from enhanced digital skills, as a result of a new partnership with Microsoft UK.
Among the goals of the partnership are:
- Accelerating work on advancing digital skills development across UK Defence.
- Delivering skills development and training to thousands of personnel across the UK.
- Transforming digital skills across the whole workforce for military personnel and civilians.
World Social Media Day
World Social Media Day was officially on June 30. It’s very important to be cyber aware and keep protected online, so the Cyber and Fraud Centre has produced some guidance for World Social Media Day to keep readers up to date.
The article includes detailed descriptions of:
- Ways to prevent malicious attackers from compromising your account, such as two-factor authentication
- Advice for parents and carers
- Various scams and more.
For a breakdown of these and more in-depth information, read the full article: Tips, Tools, and Best Practices to Safeguard Your Social Media Accounts and Stay Safe Online
Newsletters/Campaigns
New cyber challenge announced by CivTech
At the recent launch of CivTech 9, a new cyber-related challenge, sponsored by Scottish Government, was announced. Open to everybody, Challenge 9.6 is encouraging innovative solutions to break the ransomware criminal model.
“How can technology help Scotland’s public sector protect against ransomware and other forms of cyber-crime, and should they occur mitigate and recover from their effects, including data loss?”
Entrants will have until 22 August 2023 to enter their proposal. If accepted, the exploration interviews will be held on 27 September and the process will carry on from there.
Find out more details about it here
A live Q&A will be held on 18 July at 15:00. Click here to register.
Cyber Readiness Check
The SCVO (Scottish Council for Voluntary Organisations) are partnering with the IASME consortium to offer up to 100 Scottish voluntary sector organisations a free Cyber Essentials readiness check.
How it works:
- Book your free 45-minute session with a cyber expert to review your cyber readiness and plan your next steps
- You’ll get a copy of your readiness result, including action points and next steps to find out more
- You can use this information to set your priorities and take the steps you need to become more cyber secure.
- (Optional) If you want to, you can get additional support to achieve the Cyber Essentials Plus standard
You can book a 1-2-1 session with a cyber expert to help you assess your readiness for Cyber Essentials here
Find out more about it here
A guide to mobile malware: protecting your device
As mobile devices have become an integral, almost essential, part of our daily lives, the risk of malware infections has grown, particularly on Android devices.
The Cyber and Fraud Centre have produced a thorough blog to take you through the complex world of mobile malware, shedding light on how these infections occur, the potential consequences, and, most importantly, offering advice on protecting yourself from such threats.
Whether you’re an Android user grappling with the growing threat of malware or an iOS user navigating through a relatively secure environment, this guide provides practical advice and preventive measures to enhance your digital safety.
The Little Book of Big Scams
Don’t get fooled by the latest scams
The book contains information on fraud enablers, types of scams, what to do if you get scammed and more. Holidays, tickets for major sporting & music events, and unsolicited emails are three prime targets for fraudsters. Protect your organisation and reduce the chance of being scammed. Download ‘The Little Book of Big Scams’ for guidance on how to avoid the scammers.
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Training and Webinars / Events
Train the Trainer – Exercise in a Box – Edinburgh and Glasgow
Exercise in a Box is a tool that recreates real-world business scenarios and tests your cyber resilience in each scenario. It was developed by the National Cyber Security Centre and started as a self-use tool to help organisations test and practise their internal response to many cyber issues.
The Cyber and Fraud Centre have been facilitating sessions over the past few years, which has seen hundreds of organisations learn about it and how it can benefit their organisation. These ‘Train the Trainer’ sessions will take a different approach to their main sessions.
Instead of running through a practical scenario, they will be showcasing how you can facilitate a session in your own organisation. You will learn about how you can drive the most benefit from Exercise in a Box as they share all their learnings about what works and what doesn’t.
Date and time:
Find out more here
NB: Before joining this event it is important to have already joined one of the main Exercise in a Box sessions, or already be familiar with Exercise in a Box.
Our Certification Framework Journey – UK Cyber Security Council
This webinar will talk you through the journey to mapping cyber security certifications, and the framework used by the UK Cyber Security Council.
The UK Cyber Security Council’s Certification framework allows you to see which certifications may be useful to you, within the different specialisms and at which point of your career.
Each of their 16 specialisms is built on Knowledge Areas within the Cyber Security Body of Knowledge (CyBOK). They are mapping certifications to the CyBOK Knowledge Areas, which then allows them to show how certifications link to their specialisms.
Join Sonja Lewis (Programme Manager – Qualification and Careers), Lisa Konomoore (Programme Officer – Cyber Careers) and the Careers and Learning Working Group, key members of the team who have developed the certificate framework.
Date and time:
- 18 July 2-3pm
Find out more details here
Register for the event here
CyberFirst Advanced Edinburgh five-day residential course
This fully funded, five-day residential course is aimed at attracting a diverse range of students, typically between 16 and 17 years old, to build advanced skills in some key areas of cyber security. It is open to students currently in Year 12 (England and Wales), S6 (Scotland) and Year 13 (Northern Ireland) in the 2022/23 academic year. Places are limited, so sign up now to secure your spot!
CyberFirst Advanced will hone the skills and behaviours you need to enter the cyber security or tech-based workplace for real. The course is designed to expand the knowledge of students already studying computer science or who have a passion and aptitude for all things tech.
Female and male places are available for students from Scotland. This CyberFirst Advanced course has been certified by the NCSC.
Date and time:
- 31 July – 04 August 10am – 5pm
Find out more here
Virtual Coffee: Cyber Security for Scotland’s Maritime Sector
Join CENSIS for an hour-long virtual coffee to connect with other companies, researchers and stakeholders working in the same space or with the same interests as you.
In this session, organised in partnership with the University of Abertay’s CyberQuarter, Scottish Enterprise, ScotlandIS and the Scotland 5G Centre, they’ll be talking about cyber security issues associated with the maritime sector.
Date and time:
- 24 August 2023 – 10:00 am
This call takes place on Zoom. A calendar invite containing the link to join will be emailed to all registered participants before the day.
Find out more details here
Register for the event here