The fourth annual Scottish Cyber Awards are set to take place on the 20th November 2019 at Edinburgh’s prestigious Sheraton Grand Hotel, where the brightest minds in the Scottish cyber security ecosystem will be celebrated.
Innovators, pioneers and leaders from across the cyber industry and academia will come together to shine a light on Scotland’s flourishing cyber sector.
The event will be hosted by the Scottish Business Resilience Centre (SBRC), a leading Scottish organisation that champions cyber resilience across the UK. Ahead of the event, DIGIT spoke to last year’s winners to get their take on how the cybersecurity landscape has changed over the past year.
The implementation of the General Data Protection Regulation (GDPR) is arguably one of the biggest cyber security milestones of 2018. GDPR celebrated its one year anniversary on the 25th May this year, and has already had a significant impact on the cyber security landscape.
Winner of the Best New Cyber Talent award, Peter Aaby of Edinburgh Napier University, said he thinks GDPR has had a positive effect on cyber security.
“GDPR continues to increase transparency,” he said. “It also forces companies to take people’s data protection much more seriously. And while breaches may still happen, companies are becoming much better at communicating issues and at proactively reaching out and embracing the cybersecurity community through bug bounties etc.
“Beyond compliance and data protection, I hope the trend of better privacy and compliance continues and is supported by reduced vulnerability exposures. This could be achieved by applying privacy-preserving techniques to sensitive data, storing less information, and by merging bug bounties with security departments.”
- New Imaging Technology Could Help Fight Cancer
- Loss of Access to EU Airline Data Will Create an ‘Intelligence Black Hole’
- Facebook Prepares to Tackle General Election Misinformation
Three in ten businesses (30%) and more than a third of charities (36%) say they have made changes to their cyber security policies or processes as a result of GDPR, according to research by the Department of Digital, Culture, Media and Sport.
It is evident that the implementation of GDPR has driven a general awareness about privacy and data protection among internet users, consumers and individuals. As of 22 May 2019, figures from the EU Commission show that 67% of Europeans have now heard of the GDPR and 57% know that a public authority in their country is responsible for safeguarding their rights.
In 2019, more businesses and charities than before have taken positive steps to improve their cyber security – this is in part linked to the introduction of GDPR.
In terms of the biggest threats over the past year, Harry McLaren, 2018’s Cyber Evangelist of the Year, said there had been a marked increase in ransomware attacks and of companies paying out to hackers. According to Which?, there has been a surge in highly targeted ransomware attacks on businesses.
Although ransomware has been around for decades, it has grown increasingly sophisticated in its ability to spread and evade detection, making it more effective in coercing users into paying. Although ransomware attacks are less common than phishing attacks, businesses that experience such an attack are more likely than others to experience a negative outcome as a result.
“Paying out ransoms to get back to business-as-usual as fast as possible is a worrying trend,” McLaren said. “This behaviour encourages attackers to target organisations in this way, and is completely unethical, as these attackers are proven to often be connected to organised crime and terrorism.”
Cary Hendricks, global operations director at ID Cyber Solutions, the winner of last year’s Collaboration with Police Scotland award, also noted this rise in ransomware attacks. However, he also said there had been a marked increase in those seeking to get certified and trained in how to prevent attacks and improve their cyber resilience.
“The cyber security landscape has changed drastically as the attacks on businesses have become far more intensified with more advanced ransomware,” he said.
“At the same time, we have seen a marked increase in those seeking training and being able to understand more about how they can mitigate the threats.”
Taking the most basic precautions, he observed, had a profound effect on an organisation’s ability to ward off or withstand a cyber attack.
He added: “Law enforcement’s support of this preventative approach to cyber crime has helped raise the overall level of awareness about potential threats. Businesses have really taken note.”
Around three-quarters of businesses (78%) and charities (75%) now say that cyber security is a high priority for their organisation’s senior management. These proportions are higher than in 2018 (when it was 74% of businesses and 53% of charities). For businesses, there is a longer-term upwards trend going back to 2016 when the figure was 69%.