One of Scotland’s leading cyber organisations has urged individuals and businesses to ensure their digital systems are ‘fit for purpose’ after it emerged a quarter of all online attacks in the UK in the past year have been ‘Covid-19 related’.

The Scottish Business Resilience Centre said it is vital people pause and reflect on the effectiveness of their defences after a new report from the National Cyber Security Centre showed the agency fended off 723 incidents between 1 September 2019 and 31 August 2020, with around 200 related to coronavirus.

In the previous three years since launching, the agency supported an average of 602 incidents annually (590 in 2017, 557 in 2018 and 658 in 2019) and the growth this year reflects ongoing NCSC efforts to proactively identify and mitigate threats, tips the organisation receives from its extensive network of partners and reports from victims themselves.

In a year heavily influenced by the pandemic, the review highlights the NCSC’s support for the healthcare sector, such as scanning more than 1 million NHS IP addresses for vulnerabilities leading to the detection of 51,000 indicators of compromise, and working with international allies to raise awareness of the threat of vaccine research targeting.

With cyber criminals looking to exploit public fear over the pandemic with coronavirus-related online scams, the NCSC and the City of London Police also launched the Suspicious Email Reporting Service, which received 2.3 million reports from the public in its first four months – resulting in thousands of malicious websites being taken down.

The NCSC also provided the technical assurances during the creation of the Virtual Parliament, as well as producing a wide range of advice for businesses and individuals switching to home working as a result of the pandemic.

Jude McCorry, CEO of the Scottish Cyber Resilience Centre, said in response to the report: “It’s not surprising that cyber criminals have exploited so many individuals and businesses at a time when they have been extremely vulnerable. From ransomware to fake shop fronts scamming many unsuspecting individuals, now more than ever it is absolutely vital that we each take the time to pause and to ensure that we have systems fit for purpose to deal with such attacks – and on the occasion where they might happen, know how to swiftly deal with them. Resilience on many levels has been a theme which has emerged during 2020, but by no means will we be out of the woods when the clocks chime on 2021. Businesses and individuals must ensure that they are ready to deal with a cyber incident, and if not, then know who to call on for support.

“The SBRC has launched many programmes this year to ensure that businesses across Scotland are fit for purpose when it comes to cyber security; from the launch of our Incident Response line to our extensive Exercise in a Box training programme to help businesses across every inch of the country. Scotland plc is a valuable brand, and we are passionate about making sure that the business landscape comes out of the other end of this pandemic. With so many other external forces placing pressure on companies, if we can ease some of that by ensuring their cyber resilience practices and processes are in place, then that is one less aspect to worry about. The SBRC Incident Response line has been set in partnership with the Scottish Government. Businesses can reach the cyber incident helpline by calling 01786 437 472 weekdays 9am-5pm.”

Lindy Cameron, Chief Executive of the NCSC, said: “This review outlines the breadth of remarkable work delivered by the NCSC in the past year, largely against a backdrop of the shared global crisis of coronavirus. From handling hundreds of incidents to protecting our democratic institutions and keeping people safe while working remotely, our expertise has delivered across multiple frontiers. This has all been achieved with the fantastic support of government, businesses and citizens and I would urge them to continue contributing to our collective cyber security.”