CyberScotland Bulletin

October 2023

CATEGORIES
CyberScotland Bulletins

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

CyberScotland Week 2024 announced

With instances of cyber crime and fraud on the rise, the CyberScotland Partnership is preparing to launch a week of events aimed at engaging the country’s businesses, organisations and individuals with cyber security and awareness. 

Read more about the announcement here

Visit the official page to learn more or register an event here

National Cyber Security Centre (NCSC)

New scheme ready for Cyber Incident Exercising providers

A new Cyber Incident Exercising scheme is now open for organisations to apply to be Assured Providers, with CyberScotland partner IASME and CREST as delivery partners with the NCSC.

The NCSC has created the scheme to help organisations find high quality providers that can advise and support them to effectively practise their cyber incident response plan.

The scheme will assure companies to deliver organisations two types of cyber exercises to test their incident response plans:

  • Table-Top – discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (in line with their organisation’s incident response plan) for a pre-agreed scenario.
  • Live-Play – sessions where participants carry out their roles and responsibilities in close to real time, in response to a controlled feed of information, representing a pre-agreed scenario. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

Companies of any size can apply to join any of the schemes. The NCSC particularly welcomes companies located in or serving geographically remote or under-represented areas.

Find out more about the new scheme here

Data-driven cyber: empowering government security with focused insights from data

In recent months, the NCSC has been accelerating its approach to data-driven cyber (DDC). Their goal is to encourage the adoption of an evidence-based approach to cyber security decisions, not only in how they advise external organisations, but also in how they address their own security.

NCSC acknowledge that enterprise cyber security is becoming increasingly complex, and many teams are reluctant to introduce an additional ‘data layer’ due to concerns of becoming overwhelmed. In their blog post, the aim is to demonstrate how concentrating on manageable, actionable insights can help teams embrace data-driven cyber security.

Read the full blog post here

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.

As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Trending Topics

Proposals announced for CyberScotland Partnership funding initiative

We would like to thank everyone who took the time to submit a proposal and for their interest in building cyber resilience capacity in Scotland.

We received a high volume of applications towards the funding call and the variety and quality of outline proposals received was very encouraging.

We have now selected 16 proposals which we will be funding as a result of this call and which we hope will create a varied and effective programme of cyber resilience awareness activities reaching out to the target groups.

See the full list of successful proposals here

LEAD Scotland join the CyberScotland Partnership

We are pleased to welcome LEAD Scotland to the CyberScotland Partnership.

Lead Scotland is a charity supporting disabled people and carers by providing personalised learning, befriending, advice and information services. Lead Scotland has projects across Scotland and a national helpline and information service.

Lead Scotland strives to embed accessibility in the rollout of key messages about staying safe online through our strategic and operational activities to ensure no one is left behind. Lead Scotland advocates for a more diverse cyber industry workforce, more representative of its communities.

To find out more about our new partner LEAD Scotland click here 

UK Cyber Security Council celebrates the industry’s first chartered professionals

The Council’s Cyber Security Governance and Risk Management and Secure System Architecture and Design specialisms recognise the first Chartered Cyber Security Professionals.  

The UK Cyber Security Council has ushered in the country’s first cohort of chartered cyber security practitioners following the launch of its first pilot schemes last year, with an awards ceremony taking place yesterday in London.

The event was held in partnership with NCSC, the Council and the Department for Science, Innovation and Technology.

Over 100 practitioners who completed the pilot schemes are now registered with the Council at either Chartered, Principal or Associate level. 

Read more about it here

UK and US host international dialogue to advance cyber support for groups that strengthen democracy

Agency heads from nine countries share insights and approaches to help improve collective cyber resilience of global democracy.

NCSC CEO Lindy Cameron and the Director of the United States’ Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly held a strategic dialogue on Thursday 28th September with leaders from six other countries to discuss the threat of transnational repression facing certain civil society groups around the world.

The dialogue, which has been set up by CISA as part of its High-Risk Community Protection initiative, saw participants brief about their existing efforts to protect civil society groups online, exchange insights into the threat landscape and agree to continue collaborating.

Read more about it here

Cyber Security Month 2023

European Cyber Security Month runs throughout the month of October to help raise awareness of digital security and cyber hygiene. Throughout the month, hundreds of activities occur across Europe, including conferences, workshops, training, webinars, and presentations.

The theme for 2023 is based on Social Engineering, which is the tactic of manipulating, influencing, or deceiving a victim to gain control over a device system or to steal sensitive data. The goal of European Cyber Security Month 2023 is to raise awareness and empower individuals of all ages to protect themselves online.

For Cyber Security Month CyberScotland has put together some tips to help you avoid being manipulated by a cyber criminal. To read them click here

Cyber Security Month 2023

Newsletters/Campaigns

Quishing Attacks

Phishing is a cybercrime in which a target or targets are contacted through email, by someone posing as a legitimate organisation to lure individuals and companies into providing sensitive data. A form of phishing is quishing, which uses QR codes to lure you to nefarious websites. As with any type of phishing, the best defence against quishing attacks is to be aware of the threat.

New guidance on preventing quishing attacks, provided by Police Scotland Cybercrime Prevention Team, is available to read on the CyberScotland website here

The Cyber Access Hub

The UK Cyber Security Council has introduced a resource hub for young people aged 13-19, their parents/carers and teachers. They aim to nurture an interest in cyber security and signpost people to helpful resources to start their journey.

The platform will be updated as they go, and they are keen to hear any suggestions for content you may have.

To explore the new resource click here

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Training and Webinars/Events

Linking Cyber and Accessibility Webinars

Learn more about making your online presence accessible and staying safe online with public webinars from Lead Scotland! Sign up today, everyone welcome to attend.

Some of the webinars on offer include:

See a full list of the events here

Scottish Cyber Awards 2023

The Scottish Cyber Awards not only honours the outstanding talent in Scotland but also unites the cyber community for an enjoyable evening of networking.

Now entering its 7th year the Scottish Cyber Awards has become the go to event in the cyber calendar. The awards will be taking place at the Assembly Rooms in Edinburgh on 30th November and will be hosted by comedian Fred MacAulay.

For all information about the awards click here

Censis Tech Summit

Save the date for the biggest event in the CENSIS calendar and the largest IoT-centred event in Scotland – the CENSIS Technology Summit.

The annual conference takes place this year on Thursday 2 November, returning to the Royal Concert Hall in central Glasgow, marking 10 years of CENSIS innovation in Scotland.

Join the event for a full day of presentations celebrating best practice and leading edge ideas in sensing, imaging and IoT. The event will have a full house of exhibitors from companies from across the country, offering excellent networking opportunities and the chance to catch up with friends and connect with new businesses.

To find out more details click here

To register for the event click here

Exercise in a Box ‘Micro Exercises’ Session via MS Teams

Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack.

It is completely free, and you don’t have to be an expert to use it. The service provides exercises based around the main cyber threats, which your organisation can do in your own time, in a safe environment, as often as you want. It includes everything you need for setting up, planning, delivery, and post-exercise activity, all in one place.

The micro exercise session combines several fundamental aspects of cyber security with additional, broader cyber security learnings within a 90-minute session to ensure all organisations, regardless of their sector or level of cyber knowledge, can benefit.

Date: 25th October

Find out more and register here

The Gathering 2023 – SCVO

Organised by the SCVO, the Gathering exhibition will feature over 70 different organisations who have something to share with the Scottish voluntary sector. From help with running your organisation to a potential new project partner you’ll find it all here.

Many of the events will be of interest to people trying to further their cyber knowledge including:

Dates: November 7 and 8

Venue: EICC, Edinburgh

To see the full programme of events for the Gathering click here

Public and Third Sector Cyber Roadshow: Aberdeen

The Cyber and Fraud Centre is hitting the road and will deliver a series of events for Public and Third sector organisations across the country. These events will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2023. Everything discussed will tie in with additional resources available and help you fully utilise these within your own organisation or charity.

There will be guest speakers at each event, but the overall topics will be the same across the board. Each event will be in person giving everyone an excellent chance to network with others working within the Public and Third Sectors interested in cyber security.

Venue – One Tech Hub, Schoolhill, Aberdeen, AB10 1JQ

Find out more or register here

Back to top of the page