Organisational attitudes toward cybersecurity can often be boiled down to two specific groups, according to Jude McCorry, Chief Executive of the SBRC.
There are those who think they will never fall prey to a cyber-attack and simply bury their heads in the sand, and there are others that are pro-active and trying their best to protect their organisations, staff and their customers.
“We all know cybercriminals, though,” she says. “If they want to do something, they’re going to do it. There has to be a healthy paranoia to prevent a disaster unfolding.”
Recent years have seen an increase in cyber-attacks globally, with ransomware now a key threat to citizens, businesses and public services around the world.
According to the NCSC Annual Review, published in November 2020, ransomware attacks increased markedly throughout the year.
Similarly, research by Check Point highlighted a 50% increase in the daily average number of ransomware attacks during Q3 of 2020 compared to the first half of the year.
The coronavirus pandemic also appears to have exacerbated the situation, given rise to new threats and laid bare the potential impact of a cyber-attack on critical infrastructure and public services.
At the onset of Britain’s pandemic lockdown, concerns were raised over home working practices and how cybercriminals may capitalise on the situation. Since then, local authorities, academic institutions and vaccine research has been targeted by state-sponsored hacker groups.
DIGIT’S 2021 #virtualevents calendar:
📅 #MarTech Summit https://t.co/JkViHnOzbF Wed 24 Feb
📅 ScotSecure #CyberSecurity Summit https://t.co/JaD886wGh9 24/ 25 Mar
📅 #DigitalEnergy Summit https://t.co/thGSfrBqlM 22 Apr
📅 DIGIT #Leader Summit https://t.co/alC1xjRvtW 26 May pic.twitter.com/XXGqh5Braw
— DIGIT (@digitfyi) January 18, 2021
In Scotland, McCorry says the recent ransomware attack against SEPA, which knocked several of its systems offline and restricted services, has highlighted the perilous threat landscape which organisations now face.
“This is the kind of thing that keeps me – and others who care – up at night worrying because if a major cyber-attack were to happen, we’d likely be part of the cadre of people to help deal with this,” she says.
“Our biggest fear is obviously our NHS or parts of it being attacked and knocked out, or our critical infrastructure as well. Over the last year, the pandemic has really changed things in that sense.
“We now view certain industry areas or services as being even more vital than before, and that includes vaccine research and rollout,” McCorry adds.
Recent cyber-attacks on Serco, which runs the UK Government’s Track and Trace service, further highlight the growing threats posed by cybercriminals and state-sponsored hackers, she notes.
In the wake of the SEPA attack, however, McCorry believes there are positives to be found and the incident could help others in the long-term. Now, perhaps more than ever, businesses and organisations may wake up and begin to take cybersecurity seriously.
“Ransomware has always been here, it’s not a new danger and we’ve been beating the drum for a while. If there’s any good to come of this [the SEPA attack] then it’s that we’re actually speaking about it and bringing it into the public arena.
“This is exactly where healthy paranoia needs to come into the equation for boards and organisations. There’s never a bad time to look at your weak points and try to improve things.”
- MarTech 2021 Virtual Summit | Two weeks to go!
- What powers artificial intelligence? A guide for business
- European regulator calls for ‘additional measures’ against ad targeting
The reaction from SEPA has been exemplary given the circumstances, McCorry believes, and the stiff upper lip attitude taken by the public authority has been admirable.
Repeatedly, SEPA has made it clear it will not pay a ransom or engage with cybercriminals – a tactic which she says is critical in the fight against ransomware.
“Certainly in terms of crisis communications they’ve been great. The way they’ve handled things with the press, with staff and partners has been very pro-active and they appear to have just gotten on with the day job as much as they can,” she says.
“When the time is right to come out and speak to organisations, I think it will be very helpful to a lot of people out there to listen to a case study on how SEPA handled things, what they’ve learned and how they dealt with it.”
From the top down
Throughout the pandemic, the SBRC has been vocal with businesses across Scotland and offered a helping hand to any that require assistance.
Toward the end of last year, the Centre launched its Exercise in a Box initiative which helps SMEs bolster their cybersecurity skills and awareness. The free-to-use service offers a vital helping hand to smaller organisations mindful of the threats they increasingly face.
Similarly, the Centre unveiled the appointment of former NCSC Chief Executive Ciaran Martin to its board. The appointment of a prominent figure in British cybersecurity, McCorry says, showcases the Centre’s willingness to continue helping organisations improve their cyber skills and protection.
Martin will lead the SBRC’s new executive advice seminars, which aim to raise awareness among c-suite executives and company boards throughout the country. Addressing this area, she says, will be critical in reacting to a future major attack on industry or public services.
“With the board training, what we are really trying to drive home to executives is that it’s not just a case of preventing a cyber-attack, it’s how you can keep the show on the road and maintain continuity of services, this is what you will be judged on, not the cyberattack,” she explains.
“It’s about knowing you can still serve a purpose, serve your clients, your customers and maintain services despite being hit. That’s what we’re really trying to teach here.”
Ensuring that c-suite executives and company boards are able to weather the storm is critical for any organisation’s survival in a cyber-attack situation, McCorry says. And a prime example of how to do things right has been Terry A’Hearn, Chief Executive of SEPA.
The candid, open and honest approach to this situation will likely be held up as an example in years to come.
There are many positives that Scotland can look to during such a difficult period in the global cybersecurity landscape. The country’s cybersecurity sector continues to flourish, with young, dynamic startups gaining global recognition.
Similarly, a recent report from ScotlandIS highlighted the country’s academic institutions as a key factor in raising Scotland’s global appeal.
Later this month, the SBRC will work with other stakeholders to host various events for Cyber Scotland Week, a showcase celebration of the country’s cybersecurity innovation and talent. The event series is delivered alongside partners from industry and academia as well as the third and public sectors.
Given the challenges of the past year, McCorry says the virtual festival will focus heavily on the strength of the nation’s sector and its bustling community. Initially, there were plans to host the Cyber Awards during Cyber Scotland Week, but we have changed this to the Cyber community awards.
“What we’ve really thought about this year is the community element and the celebration of that.”
As part of Cyber Scotland Week, attendees can register for free webinars, resources and learning opportunities.
For more information on Cyber Scotland Week 2021, visit: www.cyberscotlandweek.com