Don’t ‘bombard’ victims of cybercrime, says Jude McCorry
The boss of Scotland’s national cybersecurity resilience centre has revealed she received 150 messages on LinkedIn from organisations keen to help a mental health charity which was hit by a cyberattack in March.
Jude McCorry, chief executive of the Scottish Business Resilience Centre (SBRC), has called on companies who provide cybersecurity products and services to “stay at arm’s length” and “don’t bombard” recent victims of cybercrime.
Speaking at CyberUK – the UK Government’s flagship cybersecurity event hosted by the National Cyber Security Centre (NCSC) – in Wales on Tuesday, she urged the leaders of organisations targeted by online hackers to “choose your help really wisely”.
McCorry’s comments come after the Scottish Association for Mental Health (SAMH) experienced a “devastating” cyberattack on 17 March, which crippled its systems and communications channels.
Speaking about the incident, she said: “I had 150 LinkedIn messages in the first day going ‘Tell SAMH we can help them’, and I was like, ‘Woah, give them the space. Give them the respect to try and figure out exactly what they need and what they need to do and then I’ll come back to you, or we’ll have a call with you, but don’t bombard these organisations.’
“‘It’s great that you want to help, but stay at arm’s length and [avoid saying] your products will help fix this, or that if they had bought your product it never would have happened.'”
McCorry, who spoke on an expert panel chaired by Paul Maddinson, director of the NCSC, also spoke about the need to improve victim support.
She said: “We all talk about victim support, [but] I don’t see much of it. And I think why we now have got some more strong females in cyber is because of that maternal thing.
“I go home and I worry about all these people that have called in.”
Recalling her thoughts in the immediate aftermath of the cyberattack against the Scottish Environment Protection Agency (SEPA), whose systems went down on Christmas Eve in 2020, she said: “How are they going to enjoy their Christmas? These poor people.”
She said: “If it was a bank robbery in the 80s of the 90s, then that bank would be closed for a few weeks, there’s an investigation going on, the staff are treated with counselling and they’ve got all this pastoral support”.
McCorry also warned against “victim blaming” in the cyber sphere.
She said: “I also see victim blaming. If it’s a small organisation, somebody goes, ‘I bet it was him that did this’ or ‘Who clicked on the email?’ and stuff.
“I think we need to be very, very careful and very supportive to these organisations. Because we want the next generation of cyber people, we don’t want people thinking they’re coming in to work in an industry that people are going to blame them if we do have these attacks.
“So we need to build in this pastoral support just in case anything happens.”
She said that “supporting the victims” was “more important” than anything else being discussed by cyber leaders, including education.
McCorry was joined on the panel by Nelson Ody, product manager – cybersecurity at software company RM, Siwan Rees, senior programme manager at business support programme Impact Innovation, and Rob Jones, interim director general of the National Economic Crime Centre.
CyberUK, which was held at the International Conference Centre Wales in Newport from 10-11 May, also heard from Rob Joyce, director of cybersecurity, US National Security Agency (NSA), Jen Easterly, director of US Cybersecurity & Infrastructure Security Agency (CISA) and Lindy Cameron, chief executive of NCSC.
The government keynote was delivered by Steve Barclay, Downing Street chief of staff and chancellor of the Duchy of Lancaster, where he warned of the evolving threat of cyber attacks following Russia’s illegal invasion of Ukraine, and committed to boost cyber defence skills across the UK.
The event was joined by over 1,500 delegates from the cyber community, both in-person and online.
Please mind the gap… or healthcare may fall
Imagine sharing a lengthy train journey with others. From beginning to end, imagine how often you might hear ‘mind the gap’ messages about embarking and disembarking safely. Picture how navigating…
Women Lead: My journey from Dragons’ Den to Silicon Valley
Following her appearance on Dragons’ Den, Sheila Hogan, serial entrepreneur, founder and chief executive of digital legacy vault, Biscuit Tin, shares her experience of her time in the Den and…
Look anywhere – the future is ‘aged tech’. But Scotland needs to be more adventurous
Scottish Care, as the representative body of independent social care providers of care home, care at home and housing support services, has been working over several years with colleagues in…
Women Lead: Engineer turned entrepreneur
We are always fascinated by other people’s stories. It’s how we connect, grow and learn from each other. Until very recently I always felt like I didn’t have a story to tell. Who…
‘Women – together we will change the dynamic in tech’
I was inspired to start a career in technology when personal computers were in their infancy and the internet decades away. My childhood dream of becoming a scientist was shaped by…
It’s time to change the future of tech apprenticeships – and we need your help
In his latest exclusive column for Futurescot, Ross Tuffee, chair of the Skills Development Scotland (SDS) Digital Economy Skills Group, calls on tech employers to get involved in shaping the…
What AI difference a year makes
Amazingly, it’s been one year since the publication of Scotland’s AI Strategy. And what a year it has been. Demanding but rewarding, with good progress made and great foundations laid…
International Women’s Day: It’s time to harness power of women in technology
As we celebrate International Women’s Day, I hope to be part of a future where barriers that prevent women from competing on a level playing field in the work environment…