Scotland Cyber Security: Cyber and Fraud Centre Scotland Event
Few businesses in the world don’t need to care about cybersecurity. Are you one of them?
Any business that holds information digitally needs to care. Scotland cyber security is an ever-evolving threat that needs to be kept on top of (hence the need for events where important information can be spread widely).
But what’s the point of some people learning everything without passing it on? Thus, we’re going to relay one of the most thought-provoking cybersecurity lessons in this blog post – so stay tuned!
Reading it may be pertinent to your business.
Do You Struggle with Cyber Security in Scotland?
We know that not everybody can make it to cybersecurity events.
Unless you’re already a cybersecurity expert, it’s difficult to know what cybersecurity event to go to. Thoughts flood your mind like ‘what event will I get the most benefit from?’ ‘What event is recommended for my skill set?’ and more. It’s difficult!
You’ve also already got about a million different events catered for your role. How do you know what event will improve your business the most? How do you know what event is the most useful to you? Should you learn more about cybersecurity or should you go to a sales event instead? You can’t go to them all! What do you choose?
That’s why we want to relay the information we learn at important cybersecurity events. You should be able to get the information you need to protect your business, even if you struggle with any of the problems above. We’ll choose the best events to go to and put what we’ve learned in a language you can understand.
The event we chose to go to this time was one by the Cyber and Fraud Centre Scotland as they prepared for CyberScotland Week 2023 (27 February – 5 March 2023).
Scotland Cyber Security Event
The event took place on the 22nd of February 2023 and was run by the Cyber and Fraud Centre Scotland (formerly known as the Scottish Business Resilience Centre). They changed their name to align with the soaring levels of cybercrime and fraud that Scottish businesses are currently being plagued with!
The Cyber and Fraud Centre Scotland also works closely with Police Scotland and the Scottish Government so their advice is based on experience and expert knowledge.
The Cyber and Fraud Centre Scotland
As usual, the speakers all had very interesting topics and invaluable information to share with us about Scotland cyber security.
However, there was one common theme among all of their speeches: they all agree that the weakest link in a business’s ‘cybersecurity posture’ is the human element of the Cyber Defence Plan.
Nowadays, the level of Ransomware attacks and Business Email Compromise now far outweighs any other form of cyberattack – all because the human level of cyber security is easier for hackers to gain access.
Having the best technology in place is no longer the silver bullet it used to be to ensure IT security. You need to inform and train your employees on how to identify and report dubious cyber activity.
Without training employees, your business will always be at risk – no matter the technology you have in place!
To do this, you need to create the correct policies and procedures to clearly give staff a good understanding of the “do’s and don’ts” of cyber security in Scotland.
Stop hackers from getting into your systems by improving the human level of your defence!
Do remember you’ll never have a strong cybersecurity posture without a good line of communication with your employees.
Unless there is good communication, you’ll find that most employees will not report if they become the victim of an attack from fear of the consequences.
The 3 Key Areas for Your Cybersecurity Defence
The Cyber and Fraud Centre Scotland laid out their 3 Key areas to consider when preparing your company’s Cyber Defence (and with 2/3 being about people and processes, it just shows you how important it is!):
Technology
Have the correct tech for the correct job, and make sure you keep it up-to-date.
People:
Ensure your employees have received the correct training and tools to avoid a Cyber Attack. Also, develop a good IT Culture where employees feel comfortable reaching out if they feel they have been attacked.
Consider fake ‘ransomware’, ‘business email compromise’ or ‘phishing email’ tests to see what employees fail and keep testing them until they continously pass. The best training is to ‘do’ rather than ‘see’.
Policies/ Organisation:
Ensure that effective policies are in place and followed. All staff should adhere to them, including (and most importantly) leadership.
Senior executives are often a huge target for cybersecurity attacks so they need to strict with adhering to all policies. If staff see leadership not adhering to best practices, they may follow suit and not follow cybersecurity best practices. So, it is essential for leadership to follow all cybersecurity policies.
Scotland Cyber Security Now
Being hacked is not so much ‘if’ but more ‘when’ now – an expert at the event.
Cyber Criminals are not opportunists; they are career criminals who approach their attacks methodically and ruthlessly. They are a complex network of organised people who are continuously evolving, and no business is too small or too large for them.
Preparing a good Incident Response Plan is essential to your business if you want to stand a chance of surviving!
Those who don’t prepare, don’t survive.
The VERY Important Stuff
The Cyber and Fraud Centre Scotland want you to protect yourself with the 3 key areas we mentioned. But that’s not the most interesting piece we heard from this event!
IT Security for Small Businesses
(In hearsay) if your business has less than 100 employees, Police Scotland may not respond to your cyber-incident until around 72 hours!
That means, if you’re an SME, it’s of the utmost importance to get Cyber Insurance to protect your business for the first 3 days at least (although you may need it even after the police start investigating!)
Police Scotland’s cybercrime unit is so busy that they do not have the manpower to look at smaller businesses as quickly. Be aware that if you ever need Police Scotland’s assistance, you may not get a fast response.
If you don’t already have it, Cyber Insurance should be something you look further into.
Incident Response
The Cyber and Fraud Centre Scotland is there to advise you and help during the 72 hours before Police Scotland will respond. Their incident response number is on their website, but I will also post it below for ease:
Cyber and Fraud Centre Scotland Incident Response Helpline: 0800 1670 623
Hackers Can Strike Twice
If you’re in the process of being hacked, that might not be the only thing you need to worry about. The majority of hackers will go on to sell your data, methods on how they hacked you, your customers’ data etc. They’ll sell whatever they can…
Meaning, you could be hacked more than once! For example, a company was once in the middle of paying a ransom when a new ransom came in. The first hacker sold a ‘how to hack this company’ package, and another hacker bought it and put them for ransom again. Two ransoms at the same time!
Conclusion
We learned a lot at the event, and we hope you have gained something from this as well. Cyber Insurance is something your business should think about getting if you don’t have it already – it can potentially save your business from going under WHEN an attack happens.
You don’t want to lose your business to an attack, so do everything you can to protect it.
If you need some more information on anything we’ve mentioned in this blog, contact us today!
The Cyber and Fraud Centre Scotland host many events in-person and online for free. If you’ve got the time, join us at an event and learn straight from the experts!
Disclaimer: All of the information about the 72 hours for a response for Police Scotland is hearsay from the event and not fact. Police Scotland may reply to your business before 72 hours – but are extremely busy and will likely work on a system of priority. If you are attacked, report the crime and be prepared in the case of a slow response.
Index:
Cybersecurity posture: the strength of the cybersecurity controls and protocols for predicting and preventing cyber threats, and the ability to act and respond during and after an attack.
Ransomware: A type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. You can get a ransom demand for this.
Business Email Compromise: A type of cyberattack that occurs when a hacker gains access to a business’s email account(s). Once accessed, they can send emails from business accounts to employees, customers, or other businesses to initiate fraudulent transfers of money.