CyberScotland Bulletin

July 2022

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

Scottish Cyber Winner 2021
Section DIGI Ken? CyberScotland TV Adverts

DIGI Ken? CyberScotland TV Adverts

We are excited to announce the launch of our CyberScotland TV adverts titled ‘DIGI Ken?’ that will be broadcasting on STV throughout July.

The adverts are based on the NCSC’s Cyber Aware key actions of choosing strong passwords consisting of 3 random words, turning on 2-Step Verification and updating your devices. The advice is easy to follow and will help improve your online security.

Tune in to STV to catch the adverts for your favourite programmes.

The campaign is also live on social media where we are running a competition giveaway on Twitter, to be in with the chance of winning some CyberScotland goodies!

Watch the adverts here: https://www.cyberscotland.com/digi-ken/

Please help us promote these security behaviours by sharing these videos with your colleagues, friends and family.

Protect yourself online and follow the advice today!

DIGI Ken? Now You Do!

Section National Cyber Security Centre (NCSC)

National Cyber Security Centre (NCSC)

NCSC board briefing pack

The Institute of Directors has found that 72% of business leaders view cyber risk as a ‘significant concern’ for their organisation.

The NCSC has created resources specifically designed for leaders to help organisations address their cyber resilience. They released a new Briefing Pack for the NCSC Board Toolkit, which provides a starting point for crucial conversations between board members and their technical experts.

NCSC Guidance – Reducing data exfiltration by malicious insiders

NCSC and the Centre for Protection of National Infrastructure (CPNI) have released new guidance on reducing the risk of insiders extracting your organisation’s sensitive data. The guidance highlights 3 measures to help you prevent, monitor or audit data exfiltration. https://www.ncsc.gov.uk/guidance/reducing-data-exfiltration-by-malicious-insiders

pexels-leandro-alamino-3906592
Section

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

The NCSC are not aware of any specific, targeted cyber threats to the UK as a result of the Russian invasion of Ukraine but is encouraging organisations to remain vigilant and follow their advice to improve your security.

The NCSC has urged organisations to prepare for an extended period of heightened threat and has published new guidance aimed at supporting staff resilience.

SANS CyberThreat 2022

CyberThreat 2022, is a two-day technical conference hosted by the NCSC and SANS Institute. Designed for security practitioners, it includes presentations from cyber security experiences and features hands-on opportunities for delegates to get involved in problem-solving activities and challenges. This event takes place in London, and some keynote presentations will be available to watch online. To register and find more information visit the SANS – CyberThreat website.

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites. As of June 2022, the NCSC has received over 12 million reported scams which have resulted in 86,000 scams being removed across 159,000 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Section Trending Topics

Trending Topics

Cyber Criminals Don’t Take Holidays

Does your current security strategy include a plan for cyber-attacks during the holidays? Summer holidays are a prime time for cyber criminals to take advantage of businesses that will be running with a heavily reduced staff count, due to annual leave, which can make organisations vulnerable.

A cyber incident response plan is a written guide that describes how to prepare for and identify a cybersecurity incident, and more importantly, what steps an organisation can take to react and respond to an incident. Having a plan will outline the recovery process so that everyone knows what is required of them during an incident. Each department in your organisation should understand the incident response procedure. Make sure staff are delegated roles to cover for those on holiday and ensure they know to implement the response plan.

Our Cyber Incident Response Pack is an easy-to-follow guide to setting up a cyber incident response plan for your business. It has checklists, action plans, and template documents that you can use today. This will help you identify and prioritise your organisation’s most valuable assets and links to advice to help you keep them secure.

You can report cyber crime to Police Scotland by phoning 101. SBRC’s Cyber Incident Response Helpline – free helpline to support organisations that have been a victim of an attack and provide guidance to get back to secure operations 0800 1670 623

aaron-burden-cEukkv42O40-unsplash
Section

Abertay cyberQuarter Launches in Dundee

A new cyber security research and development centre has officially opened at Abertay University in Dundee. The Abertay cyberQuarter is an £18m hub that has been jointly funded by the University and the UK and Scottish Governments through the Tay Cities Region Deal.

Operating over four floors, it provides a physical space for collaborations and experimentation between industry and academia, as well as open-plan spaces for group working, training rooms for CPD delivery, event space, accommodation for businesses and more.

The centre will work with businesses across all sectors to help develop cyber security solutions and help provide students with an opportunity to learn directly from industry professionals.

Section

Cyber 9/12 Strategy Challenge

The Atlantic Council’s Cyber Statecraft Initiative, in partnership with the Scottish GovernmentDewar Cyber Consulting, and Abertay University, are bringing a new iteration of the Cyber 9/12 Strategy Challenge to Scotland.

The Cyber 9/12 Strategy Challenge is a cyber policy and strategy competition where students compete in developing policy recommendations tackling a fictional cyber catastrophe. The launch event for the competition was held in the Abertay cyberQuarter with Shirley-Anne Somerville MSP, the Scottish Government’s Cabinet Secretary for Education and Skills, in attendance.

This year’s edition of the Challenge is the first to be held in Scotland. Over 2 days, teams of students from Scottish universities and colleges will work together to craft actionable policy recommendations in response to a scenario that examines cyber threats to resilience before presenting them to a panel of industry professionals. Abertay cyberQuarter will host the competition on the 18th and 19th October.  Registration is now open.

Abertay_Cyber 9-12_AR
Cyber 9/12 Strategy Challenge launch event
Section Newsletters / Resources

Newsletters / Resources

Little Book of Big Scams

Police Scotland, Scottish Business Resilience Centre and the Royal Bank of Scotland have released the Little Book of Big Scams.

This booklet outlines a number of the most common online frauds and scams. It includes information on how to identify the various types of fraud and provides advice to prevent the loss of your data, and what to do should you fall victim to fraud.

Download your free copy here

Little Book of Big Scams
Section

Get Safe Online ‘Check a Website’

Get Safe Online has partnered with Cifas, the UK’s leading fraud prevention service, to launch ‘Check-a-Website’.

Check a website is an easy-to-use online tool which helps determine whether a website is likely to be legitimate or a scam before you visit it. Provided in the UK by Get Safe Online, in conjunction with Cifas, ScamAdviser, Barclays and other partners, it cleverly uses an algorithm to provide a trust score based on more than 40 data sources as well as thousands of reports of malicious websites from law enforcement agencies, regulators and consumer brands every week.

Hosted on Get Safe Online’s UK website, individuals can also access this new feature here. https://www.getsafeonline.org/checkawebsite/

CheckaWebsite_Instagram_post-3
Section

Trading Standards Scotland, Scam Share Newsletter

Trading Standards Scotland is asking people to respond to their Big Scottish Scam Survey to find out more about the most commonly experienced scams in Scotland. They will then use this information to create future campaign content to help consumers recognise and avoid them.

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

 

Neighbourhood Watch Scotland

Sign up to the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Section Events

Events

Exercise in a Box, Scottish Business Resilience Centre

Scottish Business Resilience Centre is facilitating workshops taking Scottish organisations through using NCSC’s Exercise in Box security tool. They are offering in-person workshops alongside their virtual sessions covering ‘Ransomware’, ‘Digital Supply Chain’, and ‘Micro Exercises’.

The next in-person workshop is taking place in Edinburgh on 21st July and is a great opportunity for you to test the resilience of your organisation.

If you work in health, social care, housing, charitable or public sector organisation in Scotland and looking to strengthen your cyber defences, sign up below.

Find out more details and to book ongoing Exercise in a Box events

excersie in a box
Section

Empowering Women to Lead Cyber Security in Scotland

Empowering You invites applications to their programme, Empowering Women to Lead Cyber Security Scotland, from women working in all aspects of cyber, from technical roles to policy, from incident management to information security to talent development and everything in between.

This is a unique leadership programme aiming to build a collaborative and powerful community of emerging women leaders in cyber security roles across all industry sectors. Delivered over 3 months from September to November 2022, the course equips participants with the knowledge and insights required for successful leadership, embedding and functionalising new learnings as real-world behaviours and action.

Applications close on 12th August 2022

Empowering women Sep 2022
Section

Scottish Cyber Awards 2022

Applications are open for the Scottish Cyber Awards. These awards, hosted by the Scottish Business Resilience Centre, have 12 categories which celebrate the outstanding individuals and organisations in the Scottish cyber industry.

CyberScotland is thrilled to be sponsoring the new ‘Cyber Community Award’ this year, which recognises those who are delivering the cyber message and helping build the Cyber Community of Scotland.

If you or someone you know has made a difference to the cyber security of Scotland then send in your nominations today!

Applications close on the 31st of August 2022.

MicrosoftTeams-image (6)
Section

9/12 Strategy Challenge

The Cyber 9/12 Strategy Challenge is a cyber policy and strategy competition where students compete in developing policy recommendations tackling a fictional cyber catastrophe. Dewar Cyber Consulting Ltd, the Atlantic Council, the Scottish Government and Abertay University are bringing a new iteration of the Cyber 9/12 Strategy Challenge to the cyberQuarter, Abertay University, Dundee, on the 18 and 19 October 2022.

Over 2 days, teams of students from Scottish universities and colleges will work together to craft actionable policy recommendations in response to a scenario that examines cyber threats to resilience before presenting them to a panel of industry professionals.

Are you currently enrolled in a degree-awarding university or college? Then we want you to build a team and take on an exciting, escalating simulated cyber incident.

Register your team here. Registration closes on Tuesday, September 13th

Are you a cyber security professional with experience in dealing with cyber crises at a high level, or an academic with an interest in crisis management? Then apply to be on our expert judging panel and put the students through their paces.

Register to join as a judge.

912 Strategy Challenge
Section Technical Bulletin

Technical Bulletin

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up to receive the technical bulletin.

Read the latest bulletin here

 

Scottish Government
Police Scotland
Cyber and Fraud Centre – Scotland
Back to top of the page