CyberScotland Bulletin

CATEGORIES

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

NCSC AND National Crime Agency experts reveal latest insights into world of cyber criminals

A new white paper, published by the NCSC and the NCA, examines how the tactics of organised criminal groups (OCGs) have evolved as ransomware and extortion attacks have grown in popularity. It’s particularly aimed at security professionals and resilience sector leads who need to be aware of changes in cyber criminal activity to better protect their systems and inform security policy.

The report notes that ransomware has been the biggest development in cyber crime since the NCSC published their 2017 report on online criminal activity.

Read more about it here

Cyber attacks feature on National Risk Register 2023.

The 2023 National Risk Register is the external version of the National Security Risk Assessment, which is the government’s assessment of the most serious risks facing the UK. It provides the government’s updated assessment of the likelihood and potential impact of a broad range of risks that may directly affect the UK and its interests.

Among the risks in this report are various cyber attacks relating to the health and social care system, transport sector, and within telecommunications.

Find out more and read the full National Risk Register here

Stopping the scammers who target online jobseekers

With more than 100 job applications submitted per second on LinkedIn, scammers are increasingly targeting jobseekers with fake job opportunities. According to research from security firm NordLayer, nearly two-thirds of British users have been targeted.

Platforms are doing their best to eliminate job scams. LinkedIn says that 99.3% of detected spam and scams are caught by its automated defences, and that 99.6% of detected fake accounts are blocked before members even report them.

Find out more about it here

£880k available for proposals to help reduce cyber risk across defence

The Defence and Security Accelerator (DASA) is pleased to launch a new themed competition Reducing Cyber Risk Across Defence. Cyber attacks are becoming more sophisticated, with potentially more impact on military operations. This Themed Competition seeks proposals that will help to quantify and reduce the cyber risk across Defence, enhance digital resilience and enable Defence to be secure by default.

Key Dates and Funding

• Up to £880k is available for this competition, and DASA expects to fund up to 5 proposals.
• Submission deadline: midday on Tuesday 31 October 2023

To attend on online event to hear a summary of the competition requirements, and to ask your specific questions to the project team, click here

For full details click here

Neurodiversity in cyber

The UK Cyber Security Council have recently updated their Thought Leadership piece on Neurodiversity in Cyber with the help of their Diversity Working Group.

It’s estimated that around 15% of the UK population is neurodiverse, though it’s difficult to know for certain how many are undiagnosed. While the term is often associated with autism, it can also refer to people with ADHD, dyslexia, dyspraxia, Tourette’s syndrome, or many other neurological conditions, making this a broad category that is diverse in itself.

While some neurodiverse people may initially be interested in computing as a career, ensuring that the hiring process is as inclusive as possible is important to make sure capable candidates are given an equal opportunity, particularly given navigating a traditional interview process can often require skills that are not integral to the job itself.

The article explains the many benefits to hiring Neurodivergent people and also the barriers to entry that can exist for them. This page also includes some example scenarios of how you can make your workplace more inclusive.

Read the full article here

Navigating the Cryptocurrency Landscape: How to Spot and Avoid Fake Investment Scams

As cryptocurrency becomes increasingly mainstream and a legitimate form of trading, saving, and conducting business, so does the prevalence of scams and fraudulent schemes designed to exploit unsuspecting individuals. A new article from Cyber and Fraud Centre aims to shed light on the deceptive world of fake cryptocurrency investments, offering guidance on how to identify and avoid falling prey to these scams.

The guidance includes understanding the threat landscape, spotting the red flags and thevarious ways in which you can protect yourself

Read the full article here

CyberFirst Bursary for Undergraduate Study

It’s that time of year when students are thinking about the next steps to continue their education journey and applying to university so this a timely reminder for students to apply for the 2024 CyberFirst Bursary scheme.

The scheme offers £4000 a year as well as a paid cyber security summer placements with one of the 240 CyberFirst Industry and Government members. Students will need to have (or expect to have) 3 ‘A’ levels in any subject at Grade B or above (or equivalent) and have an offer (or be applying) to study an Undergraduate Degree or Integrated Masters in any subject at a UK University from September 2024.

ROI opens for on 21st August

Bursary Applications open: 18^th September 2023

Bursary Applications close: 27^th November 2024 For more information please visit https://www.gchq-careers.co.uk/cyberfirst.html

Exercise in a Box ‘Ransomware’ Session via MS Teams

Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack. It is completely free, and you don’t have to be an expert to use it. The service provides exercises based on the main cyber threats, which your organisation can do in your own time, in a safe environment, as often as you want.

With the rise of ransomware attacks, organisations must be prepared in case they suffer an attack. Effectively securing an organisation can be difficult as you are only as secure as your weakest link. With the ever-changing face of cyber security, it is difficult to prepare for possible attacks.

Date and Time:

• 28 September – 09:30 – 11:00

To find out more about this free opportunity to strengthen the cyber resilience of your organisation or to join the session click here

ScotSoft 2023

ScotSoft is back! Scotland’s leading and most anticipated tech conference will once again be held in person at the EICC on Thursday 28th September 2023. Join to hear from a fantastic range of speakers bringing us future trends, opportunities and strategies that will ensure Scotland’s digital community continues to grow and prosper.

As one of the Scotland’s biggest software conferences for over 25 years, ScotSoft allows you to connect, learn, and innovate while meeting new talent at the Young Software Engineer of the Year Awards. This year, the event offers an unparalleled opportunity to gain invaluable insights from industry leaders, collaborate with peers, and explore the latest industry trends.

Check out the ScotSoft2023 official website for more details.

Linking Cyber and Accessibility Webinars

Learn more about making your online presence accessible and staying safe online with Lead Scotland’s public webinars. Sign up today, everyone welcome to attend.

The free webinars being offered include ‘Setting up strong defences’, ‘Scams’ and more.

Find out more and register for the events here