Scotland’s new online resilience partnership has identified six cyber threats that businesses may face in 2022.
The CyberScotland Partnership, chaired by Jude McCorry, chief executive of the Scottish Business Resilience Centre, believes the potential threats could damage organisations next year if they don’t take steps to protect themselves.
The group is now calling on companies to educate and equip themselves to mitigate the potential impact these areas pose to business operations.
Last month, the National Cyber Security Centre published its annual report noting a marked increase in cyber related incidents and attacks.
McCorry said: “Ignorance about potential cyber attacks is not an option anymore – action must be taken to ensure businesses do not become a statistic.”
Ransomware attacks on the rise
Ransomware attacks have received a lot of media attention over 2020 and 2021, and according to CyberScotland, “show no signs of going away”. A Sophos report found that 35 per cent of British businesses were hit by ransomware attacks in the past year.
To avoid systems being infiltrated by cyber criminals and then being held to ransom for their data, the “most basic thing” that an organisation can do to mitigate this is to check that their systems – including firewalls and antivirus programmes – are up to date.
Regular backups are vital, as is having an offline backup available too; organisations are more likely to get their data back by relying on a recent copy than paying ransom. As a follow up to this, the partnership is urging businesses to consider becoming Cyber Essentials certified – giving the organisation and its stakeholders reassurance that systems defences are strong.
How secure is your supply chain?
Given the rise in cyber attacks and vulnerable nature of organisations due to the pandemic, the CyberScotland Partnership says it is vital that, in 2022, steps are taken to clarify an organisation’s position should an attack happen with a partner or supplier.
According to the organisation, the online nature of business means that “digital supply chains” are becoming larger and more complex and it is becoming increasingly difficult for other businesses in the chain to ensure they are protected when they don’t know what cyber processes and procedures other businesses might have.
There are several scenario-based training programmes on the market including the National Cyber Centre’s Exercise in a Box programme which has a supply chain scenario being run by the Scottish Business Resilience Centre. For those in the public sector, teams can call on the Cyber Security Procurement Support Tool for additional insight.
Beware mobile malware
Cyber criminals have tapped into citizens’ reliance on living digital lives and “we can expect to see a rise in mobile malware attacks”. Savvy cyber hackers will look for more ways for individuals to download or access cleverly planted malicious software to gain access to private data.
To counter this, individuals need to be clear on permissions they grant to download applications onto company owned devices, and should also be mindful of the origin of similar applications being downloaded to personal devices. Completing regular software updates as prescribed by device vendors will also help to limit widespread issues.
Hybrid working
With next year marking the second anniversary of remote working, it may be possible that organisations have not reviewed their cyber policies and training programmes, meaning they have an out-of-date picture of the devices and tools their teams are using.
According to CyberScotland, organisations must conduct a device audit and take action to update or decide if more stringent changes need to be made. This audit should consider whether employees are using personal or company devices for work, explore awareness around clicking on suspicious links, and the importance of backing up work on these devices to a secure network.
Protect your social profiles
Social media profiles – which detail everything about a user from where they live to where they work – are increasingly becoming a “solid route” for cyber criminals to set up fake profiles to connect with individuals through platforms. This allows them to gain access to personal details to break into organisations.
The partnership says people must be mindful of who they are speaking to and ensure that no personal details or files are shared with unknown contacts.
Consider attacks to your IT providers
Attacks on cloud service providers and microservices that organisations use are on the rise. 2021 has seen several large-scale outages on major cloud providers, the most recent being Google Cloud in November 2021. Alongside being mindful of the wider supply chain, organisations need to be prepared should an IT service they rely on suffer a cyber attack or outage.
According to CyberScotland, having a backup service to increase an organisation’s resilience is wise, especially one that can be dialled up should the outage from the CSP or other IT vendor continue for any length of time. This will limit any broader impact to the business which may also result in governance issues. It is highly recommended that organisations look for an IT provider that is Cyber Essentials certified.
The IT Managed Services directory features over 170 Scottish companies that provide IT managed services, and will easily identify those that are both cyber resilient themselves through the Cyber Essentials programme, while also showing providers who offer vital security services.
More information on resources to protect your organisation from a cyber incident is available online here.
Related posts
Interviews
Comment
Please mind the gap… or healthcare may fall
Imagine sharing a lengthy train journey with others. From beginning to end, imagine how often you might hear ‘mind the gap’ messages about embarking and disembarking safely. Picture how navigating…
Women Lead: My journey from Dragons’ Den to Silicon Valley
Following her appearance on Dragons’ Den, Sheila Hogan, serial entrepreneur, founder and chief executive of digital legacy vault, Biscuit Tin, shares her experience of her time in the Den and…
Look anywhere – the future is ‘aged tech’. But Scotland needs to be more adventurous
Scottish Care, as the representative body of independent social care providers of care home, care at home and housing support services, has been working over several years with colleagues in…
Women Lead: Engineer turned entrepreneur
We are always fascinated by other people’s stories. It’s how we connect, grow and learn from each other. Until very recently I always felt like I didn’t have a story to tell. Who…
‘Women – together we will change the dynamic in tech’
I was inspired to start a career in technology when personal computers were in their infancy and the internet decades away. My childhood dream of becoming a scientist was shaped by…
It’s time to change the future of tech apprenticeships – and we need your help
In his latest exclusive column for Futurescot, Ross Tuffee, chair of the Skills Development Scotland (SDS) Digital Economy Skills Group, calls on tech employers to get involved in shaping the…
What AI difference a year makes
Amazingly, it’s been one year since the publication of Scotland’s AI Strategy. And what a year it has been. Demanding but rewarding, with good progress made and great foundations laid…
International Women’s Day: It’s time to harness power of women in technology
As we celebrate International Women’s Day, I hope to be part of a future where barriers that prevent women from competing on a level playing field in the work environment…