A NEW cyber-crime prevention support scheme has been created with the help of 'ethical hackers' as it emerged the number of victims in Scotland has doubled in two years.
In 2021/22, an estimated 14,280 cyber-crimes were recorded by the police in Scotland compared to the estimated 7,710 cyber-crimes recorded in 2019-20.
It is estimated that least one in 20 crimes recorded by the police in Scotland were cyber-crimes.
And it is thought that in 2021/22 almost half of all the estimated 8,010 recorded frauds were online.
It is believed the increase since 2019-20 may be due to the significant impact of the Covid-19 pandemic, resulting in behavioural changes such as increased online shopping.
Cyber-crime accounted for an estimated 28% of sexual misdemenours in 2021-22.
Now a free new cyber crime training guide for employees has been created to provide a comprehensive explanation of the most common attacks and how to avoid falling victim to them. It also provides instructions on developing secure passwords and protecting accounts.
One of Scotland's most high profile cyber-attack hit the Scottish Environment Protection Agency (SEPA) on Christmas Eve, 2020.
As of April, that cyber-attack cost the country's environment protection agency £5.5 million.
Scotland's auditor general said the attack was carried out after "human error" allowed criminals to access their systems.
It led to around 1.2GB of data, amounting to at least 4,000 files, being stolen.
An investigation by Police Scotland concluded it likely that an international serious organised crime group was responsible for the extortion attempt.
The new scheme has been kickstarted by the CyberScotland partnership, a collaboration of 16 organisations including the Scottish Government, Police Scotland, and the Scottish Business Resilience Centre, which was formed in February 2021 in response to the need for clarity around cyber security for individuals and businesses.
Cyber crime is any criminal activity carried out by means of computers or the internet in which hackers seek to exploit human or security vulnerabilities to steal passwords, data or money.
The aim of the scheme is to help better protection of computer systems and networks from information disclosure, theft or damage to their hardware, software, or electronic data, as well as disruption to the services they provide.
The Scottish Business Resilience Centre's ethical hackers, who are security experts routinely testing IT systems looking for flaws, developed the guide for the CyberScotland Partnership.
There is also access to an an online self-help tool from the National Cyber Security Centre (NCSC) designed to help organisations test and practice their response to a cyber attack.
It is a free, 90-minute non-technical workshop aimed at helping organisations find out how resilient they are to cyber attacks. It provides a forum to practice a business's response in a safe environment.
Scenario themes are said by the organisers as "realistic" and based on the main cyber threats organisations face.
The move to set up support for businesses comes after an announcement earlier this year from the Information Commissioners Office (ICO) – the UK’s independent authority set up to protect individuals and companies from attack – that anyone with access to data should receive cyber awareness training within 30 days of starting a new job and before being given access to any databases. The ICO also said training should be ongoing for all employees.
Jude McCorry, Chair of the CyberScotland Partnership, said: “Cyber crime is arguably one of the most pressing issues for businesses today, with the latest numbers showing instances in Scotland are reaching record levels.
"However, all the security in the world isn’t enough if your employees aren’t confident about how to keep information secure. This guide has been created with the cyber amateur in mind; it is easily digestible and uses only non-technical language.
“Our new guide is a must-have for any organisation serious about their cyber security. It’s an ideal add-on to staff induction packs, not only to help businesses comply with the ICO’s requirements but also make people more aware of what cyber threats exist and how to spot them."
In 2021-22, an estimated 200 crimes under the Domestic Abuse (Scotland) Act 2018 and 400 crimes of stalking were classed as cyber-crimes.
This represented an estimated 11% of crimes recorded under the Domestic Abuse (Scotland) Act 2018 and around half (48%) of crimes of stalking.
The breakdown on the costs of the SEPA cyber-attack showED that the organisation’s internal systems and networks had to be rebuilt from scratch.
More than £1.1m was divided between seven private firms who assisted with “systems recovery and rebuild”. Nearly half a million pounds was spent on digital forensic and recovery services to try to investigate the hack.
Some £353,000 had to be spent on getting crucial warning and communications systems — such as the national flood warning system — back up and running.
It also had to spend £280,000 on external communications and social media firms under the budget heading of “sharing our learnings widely.”
Officials estimated the agency lost more than £1.3m in missing income as a consequence of the attack.
It is estimated that public bodies have been hit by a cyber attack at a rate of one every month since the start of 2021, but ministers have put a block on the impact to services or budgets. The Scottish Government was told public bodies in Scotland were subject to 12 attacks in 2021, with a further two up until March 31, 2022.
Requests for information on which public bodies were affected were rejected in May due to security concerns. And ministers said that releasing details of how hard public bodies were hit by the cyber attacks, including any potential briefings or reports to ministers, would not be in the public interest.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel