CATEGORIES
CyberScotland BulletinsThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
National Cyber Security Centre (NCSC)
NCSC Annual Review 2023 raises awareness of increasingly unpredictable threat landscape.
In their latest Annual Review, the NCSC has warned that the UK needs to accelerate work to keep pace with the changing threats, particularly in relation to enhancing cyber resilience in the nation’s most critical sectors. These sectors include those that provide the country with safe drinking water, electricity, communications, its transport and financial networks, and internet connectivity.
Among the subjects covered in the Annual Review are the current threats and risks in the cyber landscape, A.I, the new trend of malicious actors targeting the personal email accounts of influential individuals involved in politics, the international threats posed by China, Russia and Iran, and more.
Read more about it here
View the full Annual Review here
UK and US develop new global guidelines for AI security
New guidelines for secure AI system development will help developers of any systems that use AI make informed cyber security decisions at every stage of the development process.
The first global guidelines to ensure the secure development of AI technology are broken down into four key areas – secure design, secure development, secure deployment, and secure operation and maintenance – complete with suggested behaviours to help improve security.
The guidelines aim to raise the cyber security levels of artificial intelligence and help ensure that it is designed, developed, and deployed securely. They can be accessed on the NCSC website
Read more about it here
UK schoolgirls secure victory as champions of NCSC cyber skills contest
The 2023/24 CyberFirst Girls Competition saw the largest number of girls taking part since its inception. The teams used a range of cyber skills to compete in code cracking, decrypting messages and solving puzzles in a contest which seeks to inspire young women to pursue careers in cyber.
The contest is designed to encourage girls to explore the world of cyber and technology, helping to address the lack of diversity in the UK cyber workforce, where women currently make up just 17%.
More than 12,500 girls across the UK took part, with 13 teams claiming the top prize. Scotland featured among the top teams with St. Kentigern’s Academy in West Lothian securing a place among the winners.
Read more about it here
NCSC Threat Report
The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.
To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.
Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).
The NCSC’s Reporting Service
The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.
As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.
You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.
In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.
If you become a victim of cyber crime you can report this to Police Scotland by calling 101.
Trending Topics
Cyber security community celebrates best in the business at Scottish Cyber Awards
Scotland’s cyber security community was celebrated on November 30 as the seventh annual Scottish Cyber Awards recognised the achievements of individuals, organisations and academics from across the industry.
Run by the Cyber and Fraud Centre – Scotland and hosted by comedian Fred McAulay, the awards took place at the Assembly Rooms in Edinburgh for the first time in their history and saw the distribution of 14 prizes to worthy recipients from across the sector.
As well as recognising both individual and collective contributions to the cyber security sector this year, the event served as an opportunity for figures across the industry to unite, network and celebrate their successes.
For more information and to see a full list of the winners click here
New NCSC Cyber Incident Exercising scheme opens for business
NCSC is launching a new Cyber Incident Exercising (CIE) scheme, giving organisations access to NCSC assured exercising providers for the first time.
In August, the NCSC announced CREST and IASME as Delivery Partners for the scheme, to manage the assessment on behalf of the NCSC, and to onboard the assured exercising service providers.
The new CIE Scheme provides organisations with access to NCSC assured CIE service providers able to create bespoke, structured table-top or live-play cyber incident exercises, helping organisations to robustly practise their responses in a safe environment.
Find out more about it here
Fighting the ‘fraudemic’
More resources need to be ploughed into tackling an upsurge of sophisticated online business scams targeting Scottish firms, according to the Cyber and Fraud Centre – Scotland.
Jude McCorry, chief executive of Cyber & Fraud Centre – Scotland, said that in the last six months her organisation has helped deal with losses amounting up to £10 million.
Although it has helped recover about £4 million, based on the success of a “triage” unit set up with multiple partners, there is a pressing need for more investment in tackling “cyber-enabled crime”.
Read the full article here
CyberScotland Third Sector Update
SCVO have recently appointed a Cyber Resilience Co-ordinator, who will work closely with Scottish Government’s Cyber Resilience Unit and the newly formed Third Sector Cyber Resilience Working Group, to help develop the Third Sector Action Plan and coordinate its implementation across Scotland’s voluntary sector.
Check out SCVO’s recently refreshed Cyber Security guidance for areas of focus and suggested next steps, which will be updated with new initiatives and opportunities as they arise.
Sign up for the upcoming Cyber Resilience Conference for the Third Sector Conference on 28th Feb 2024, as part of CyberScotland Week. Learn more about the steps CyberScotland are taking and understand/enhance your charity’s cyber resilience through compelling case studies, interactive workshops tailored across roles and opportunity to connect with like-minded people within the third sector.
Students across Scotland take part in mock cyberattack scenario to test crisis response
The simulated exercise was hosted at Abertay University’s cyberQuarter in Dundee as university and college students from around the country participated in a global competition.
It was the second time the Cyber 9/12 Strategy Challenge – organised by US foreign policy think tank the Atlantic Council – has been hosted in Scotland.
Entering its twelfth year, the Cyber 9/12 Strategy Challenge is a ‘one-of-a-kind cyber competition designed to provide students from across academic disciplines with a deeper understanding of the policy and strategy challenges associated with management of trade-offs during a cyber crisis’.
Read more about it here
UK and allies expose Russian intelligence services for cyber campaign of attempted political interference
The UK and international partners have called out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes.
The NCSC – a part of GCHQ – assesses that Star Blizzard, a group that has been identified using cyber operations to target high-profile individuals and entities, is almost certainly subordinate to Centre 18 of Russia’s Federal Security Service (FSB).
To support the announcement, the NCSC and partners from the United States, Australia, Canada and New Zealand, have issued a new cyber security advisory, sharing technical details about how the actors carry out attacks and how targets can defend against them.
Read more about it here
Insider Threats: What are they and how to guard against them
Insider threats, referring to a cyber security risk that comes from within an organisation, are an often overlooked aspect of an organisation’s cyber resilience. However, according to Security Intelligence, 60% of data breaches are primarily caused by insider threats. With cyber attacks rising it’s even more important for businesses to be vigilant against the most common form of cyber attack.
Unlike other forms of cyber attack, insider threats can be difficult to identify against normal activity, because the offender will likely have security authorisation. Insider attackers also have an advantage over outside threats because of their knowledge of systems and users, making it easier for them to manipulate procedures.
Read the full article from the UK Cyber Security Council here
£29 million bank scams prevented according to new report from Scottish Government
Criminals have been prevented from fraudulently withdrawing around £29 million from bank accounts over the last five years, according to a report into serious organised crime in Scotland.
The report by Scotland’s Serious Organised Crime Taskforce (SOCT) updates on the success of the Banking Protocol since its launch in 2018. Under the scheme, staff in banks and other financial institutions are trained to spot and help prevent customers being scammed.
The Taskforce Progress Report also details the other ways that criminal gangs have been disrupted from causing harm to individuals, communities and businesses across Scotland.
Read more about it here
Read the full report here
Newsletters/Campaigns
Shopping online securely during the holidays
It’s important during the holidays to take caution when shopping online. While the convenience and affordability of online shopping are undeniable, it’s crucial to exercise caution and vigilance to protect your personal information and financial well-being.
CyberScotland recently posted a blog on a rising online attack called digital skimming. Digital skimming is the action of stealing credit card information or payment card data from customers of an online store. The transaction data is intercepted during the online purchase checkout process, without customers noticing anything unusual. Read the full guidance here
Also see the NCSC’s for shopping online securely here. It includes guidance on watching out for suspicious emails, text messages and websites, keeping your accounts secure, what to do if things go wrong and more.
New guide supports older people to navigate the digital landscape safely and securely
Cyber and Fraud Centre – Scotland has launched a new guide to empower Scotland’s older residents to be more vigilant against a new wave of scams targeting the age group.
This guide is available online and will be available as a printed version in January. It will be distributed through local community networks and at events targeting this demographic during CyberScotland Week.
Find out more information here
Access the guide here
Skills Development Scotland launch Digital Economy Guide
During Scottish Careers Week the new Digital Economy guide was launched which will help people better understand the term “digital economy” as well as highlighting the practical support available to enhance digital skills.
The term “digital economy” covers the massive growth in demand for digital technology jobs and skills. Without digital skills Scotland’s entire economy would stop turning. Which is why, back in March last year, SDS launched the first ever Digital Economy Skills Action Plan.
Off the back of that plan, the new Digital Economy Skills & Careers Guide was created. This guide has been developed to help both individuals and businesses upskill themselves on the digital economy, as well as signposting to further information and resources.
Empowering Women to Lead Cyber Security – Scotland – Spring
This is a unique, cross-sector, leadership program for women in cyber security and resilience, delivered by Empowering You and in association with the Scottish Digital Academy, Scottish Government and ScotlandIS. The aim is to build a collaborative and powerful community of women leaders in digital transformation roles across Scotland.
Delivered over 3 months from March – May 2024, ”Empowering Women to Lead Cyber Security” is designed to enable the transition of aspirational and early to mid-career professionals, team leaders and managers into more confident, capable and energised leaders.
Find out more information or apply for the program here
Staying Secure This Christmas: Cyber Security Tips for SMEs and Non-Profits
The Christmas holiday period is often seen as a time to relax business operations and let employees enjoy some well-deserved time off. However, it’s also prime time for cybercriminals who know that defences may be lowered with skeleton IT crews working over the holidays.
Small and medium enterprises (SMEs) and non-profit organisations can be especially vulnerable to attacks like phishing scams, malware infections, and data breaches during this season.
Implementing some cyber security best practices doesn’t have to be difficult or expensive. Cyber and Fraud Centre – Scotland have posted some tips to help keep your organisation’s data safe so you can enjoy the holidays.
Read the full blog here
Trading Standards Scotland, Scam Share Newsletter
Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.
Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.
Neighbourhood Watch Scotland
Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.
Training and Webinars/Events
CyberScotland Week
This week of events is for everyone, regardless of age. Cyber threats can impact our personal and professional lives as we increasingly live more of our lives online. We all need to understand cyber risks and take steps to protect ourselves, our families, and our businesses as the digital world continues to expand.
CyberScotland Week offers something for individuals who want to be safer online, as well as for organisations looking to develop robust cyber defences. By participating in CyberScotland Week, we can work together to create a more secure digital future for Scotland
Find out more information on the official page and watch for new events posted regularly here
Public Sector Cyber Upskilling Fund Autumn/Winter 2023
Are you interested in upskilling your employees in the field of cyber security, at no cost to your organisation? Now is the time, with support from the Public Sector Cyber Upskilling Fund.
This scheme is funded by the Scottish Government’s Cyber Resilience Unit and is administered by ScotlandIS, the trade body and cluster management organisation for digital technology in Scotland. The aim of the fund is to help public sector bodies improve and accredit the cyber security skills of their employees, which in turn will help to make the organisation more cyber resilient.
Find out more about it here
The GCHQ Christmas Challenge 2023
The GCHQ Christmas Challenge returns on Thursday 14 December with a special festive puzzle mission for secondary school and college students!
The Challenge comes in the form of a Christmas card, sent by GCHQ Director, Anne Keast-Butler, to partners around the world. The card contains a series of brainteasers, designed by GCHQ’s own puzzle volunteers, specifically for 11 to 18-year-olds.
Find out more about it or register for the challenge here
Public and Third Sector Roadshow: Fife – 23rd January
The Cyber and Fraud Centre is hitting the road and will deliver a series of events for Public and Third sector organisations across the country. These events will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2024.
Everything discussed will tie in with additional resources available and help you fully utilise these within your own organisation or charity. We will have guest speakers at each event, but the overall topics will be the same across the board. Each event will be in person giving everyone an excellent chance to network with others working within the Public and Third Sectors interested in cyber security.
Date: 23 January – 09:00-12:30
Find out more and register here
Cyber Leaders Webinar
Join the UK Cyber Security Council for the Cyber Leaders Webinar, an exciting online event where two sector experts will share their knowledge and insights on all things cybersecurity careers.
Whether you’re a seasoned professional or just starting out, this webinar is the perfect opportunity to learn about the varied route into cyber from someone who’s been there.
Don’t miss out on this chance to gain valuable insights, join fellow cyber enthusiasts and stay up to date with the UKCSC
Date: 16 January, 10.00 – 11.00
Find out more and register here
CENSIS Virtual Coffees
These informal hour-long virtual coffees from CENSIS have no fixed agenda, and they aim for a forum that is open, friendly and encourages conversation. The direction of the discussion always follows whatever people on the call want to talk about, and the conversations are never recorded.
14 Dec 2023 – Delivering successful technology-focused events
- From smaller workshops and meetups to large scale conferences, let’s talk about the steps to take – and pitfalls to avoid – to ensure your event run smoothly.
25 Jan 2024: Innovating competitively with IoT and sensor systems
- They will be joined by Abigail Hird for this one, to discuss innovation challenges and opportunities (product and beyond), the importance of a fit-for-purpose innovation process, reducing risk and increasing confidence.
Find more Censis events here
Stirlingshire Voluntary Enterprise Cyber Roadshow
The Cyber and Fraud Centre – Scotland is running a cyber security roadshow for Stirlingshire Voluntary Enterprise. The team will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2023-2024. Everything discussed will tie in with additional resources available and will help you fully utilise these within your own organisation or charity.
Venue: The Barracks Conference Centre, Forthside Way, Stirling, Stirling, FK8 1QZ
Date: 24 January – 10:00
Find out more information or register here
FutureScot Cyber Security 2024
Futurescot’s annual Cyber Security conference is Scotland’s exclusive platform for public sector professionals, this event stands unparalleled in its commitment to fortifying the nation’s critical digital infrastructure.
The conference offers a rare opportunity to dive deep into cutting-edge cyber protection strategies, learning directly from the masters of the field. Participate in thought-provoking leadership sessions, masterclasses, and discussions that blend global thought leadership with practical, industry-leading best practices.
Date and time: 27 February, 08:30 – 16:30
Venue: University of Strathclyde, Technology and Innovation Centre Glasgow
Find out more information here