CyberScotland Bulletin

NCSC Annual Review 2022

The National Cyber Security Centre has published its sixth-year Annual Review. The report outlines this year’s (between 1 September 2021 and 31 August 2022) cyber challenges and how the NCSC has responded to help keep the UK safe.

Ransomware attacks continue to pose a threat to both businesses and organisations and it is important that you are taking the steps to help mitigate this risk.

The most significant threat facing citizens and small businesses continued to be from cyber crime, such as phishing, while hacking of social media accounts remained an issue. Official figures revealed there were 2.7m cyber-related frauds in the 12 months to March 2022 in the UK.

In response, the NCSC has removed 2.1 million commodity campaigns and stepped up its automated notification service Early Warning whose sign-ups rose by over 90%. The service sent out 34 million alerts to inform its members of potential threats, risks and vulnerabilities.

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

Shop Safely on Black Friday

Over the next number of weeks, many people will be shopping online and taking advantage of some great promotions and discount deals on offer from retailers, particularly with Black Friday and Cyber Monday towards the end of the month. In amongst the influx of genuine emails, there will most likely be scam emails sent out by cyber criminals looking to take advantage, so it’s important to stay vigilant about your online security.

Watch out for suspicious emails, calls and text messages, and social media posts as some of these may contain links to fake websites, designed to steal your money and personal details. These offers may be for clothing, food, gadgets or upcoming festive events. Do some research to ensure the retailer you are dealing with is genuine or not. If you’re unsure, don’t use the link provided in the email or text, but search for a website address yourself. Reputable retailers will have many consumer reviews, read these reviews as they will help you make your decision to either deal with that retailer or not.

If you’re not 100% sure whether an email is really from a courier because you’re expecting a delivery, see if you can check the reference or tracking number and whether it matches the order you’re waiting for. You can also contact the delivery company directly to check whether the email is real.

Read our blog for more tips to help you shop securely online and avoid scam websites.

Scottish organisations urged to test their resilience

Speaking at the CyberScotland Summit in Edinburgh, Lindy Cameron, CEO of the National Cyber Security Centre, praised Scotland’s approach to cyber security and cited its existing ecosystem as a key aid in limiting the potential fallout of cyber attacks. Other key themes discussed during the conference included the need for partnerships and collaboration across sectors; and how to encourage more people to work in cyber security.

She urged all organisations to carry out a basic ‘cyber hygiene’ test to reduce the risk of cyber attacks, adding the vast majority of incidents could be prevented by doing so.

You can help prepare yourself and your organisations for the most common cyber threats by putting some basic cyber steps in place. Organisations must be proactive in preparing themselves against cyber threats so it’s a great time to review your business continuity and incident response plans and know where you can seek advice and support should you need it.

Our Cyber Incident Response Pack provides you with practical advice on handling a cyber incident. SBRC’s Cyber Incident Response Helpline (0800 167 623), can support organisations who believe they may have fallen victim to a cyber attack and need urgent advice.

CyberScotland Week, 27th February – 5th March 2023

CyberScotland Week is Scotland’s annual week-long festival of events on cyber awareness, cyber careers and innovation in cyber security.

There are many ways you can get involved in the week. You could host an event and share your knowledge with customers, colleagues or friends. Increase your cyber awareness and resilience by attending events throughout the week and sharing our resources on the CyberScotland website.

This is a fantastic opportunity for you and your organisations to stay secure online and learn how you can protect yourself, protect your business and be more cyber aware.

To offer to host an event or speak at one, please contact [email protected]

Keep up to date on social media: Facebook, Twitter, LinkedIn #CSW2023

Charity Cyber Essentials Awareness Fortnight, 7th – 18th November 2022

November 7th marks the start of the Cyber Essentials Charity Campaign where registered charities and clubs receive a discount on their Cyber Essentials assessment.

98% of charities believe cyber security is important or very important but often feel overwhelmed or don’t know where to start. IASME will be offering support and guidance as well as a discount on the price of certification to help registered charities achieve Cyber Essentials. By using the free Cyber Essentials Readiness Tool, reading their guidance for charities, or talking to a Certification Body, charities can take an important first step towards certification. Visit iasme.co.uk/cyber-essentials-for-charities for more information.

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Their Cost of Living Scams Awareness campaign aims to raise awareness of different issues which is likely to affect Scottish consumers.

Helping you with Cyber Security, NCSC, 22^nd November 10.30 am

The National Cyber Security Centre and Information Commissioner’s Office have collaborated to provide a webinar on the 22nd of November at 10.30 am. The webinar will focus on practical advice to help you improve your cyber security and data protection compliance in your organisation.

Register here

Women in Cyber – Leading Change in the Public Sector, December 2022 – March 2023

Funded by the Scottish Government and delivered by Empowering You, this programme is designed for all women working in Scottish public sector’s roles relating to cyber – cyber security, cyber resilience, information security, risk management, data protection, resilience, digital and others. You do not need to hold a managerial or senior role, or be in a ‘technical’ post, we welcome applications from all levels of experience.

It is non-technical in nature, and will bring together 20 like-minded professionals who will embark on a leadership journey together, learning by experience and from each other.

The programme consists of:

• 2 in-person workshops in Edinburgh, both two days long (13-14 December and 6-7 February)
• 3 individual coaching sessions via Zoom
• Self-directed team challenge
• Graduation event (1 March).

Previous programmes that Empowering You brought had been hugely praised by participants and received fantastic feedback. We are sure that this one will not be different in this respect. We look forward to hearing from you!

The application deadline has been extended to 14 November. Apply here.

Exercise in a Box Workshop – exercising your response to a cyber incident

Scottish Business Resilience Centre is facilitating workshops taking Scottish public and third-sector organisations through using NCSC’s Exercise in Box security tool. They are offering in-person workshops alongside their virtual sessions covering ‘Ransomware’, ‘Digital Supply Chain’, ‘Sensitive Data Leak‘, and ‘Micro Exercises’. This is a great opportunity for you to test the resilience of your organisation.

• Exercise in a Box ‘Micro Exercises’ MS Teams 29th November  9.30 am – 11 am

December – 9.30 – 11am

• Exercise in a Box ‘Digital Supply Chain’ MS Teams – 6th December
• Exercise in a Box ‘Ransomware’ MS Teams – 8th December
• Exercise in a Box ‘Digital Supply Chain’ MCS Teams 15th December

Workshops are free to those in health, social care, housing, charitable or public sector organisation in Scotland looking to strengthen your cyber defences, sign up below. Find out more details and book ongoing Exercise in a Box events

Safer Internet Day Planning Event, 22^nd November

Join the biggest online safety campaign in the UK, reaching over half of UK children!  At this hybrid event for Scotland, you’ll hear from UK Safer Internet Centre, Internet Watch Foundation and Ofcom about the Safer Internet Day campaign, free educational materials and the latest trends and research into children’s online lives.

Book your ticket to watch the livestream or attend in person in Edinburgh on 22^nd November:  https://SIDscotland2023.eventbrite.co.uk.

Fraud on Scottish Charities

Police Scotland hosted a webinar as part of Charity Fraud Awareness Week, to share the latest fraud affecting charities in Scotland.