Fighting back against cyber attacks
The Scottish Funding Council’s David Beards writes about the rising tide of cybercrime and how to keep your data safe.
We all get them – emails which invite you to open an attachment or to "click here”. These are classic ‘phishing’ emails, which we all know to handle with care. But what about emails which appear to come from a colleague with an email address you recognise? In the cyber war, the tactics employed by attackers are becoming ever more sophisticated.
So we need to be alert if we are not sure about emails. But dealing with phishing emails is only the tip of the Cyber-Security iceberg.
Today junk mail is sent to millions of addresses with the aim of promoting fraudulent businesses or as an attempt to probe security measures. Most of this traffic we don’t see, because it is filtered out by firewalls. These firewalls exist at several levels; at the level of national network infrastructure, local network providers, and individual organisations.
The spam which does get through is the most cleverly designed so it is often not detected by firewalls. Worst of all it may have been specifically designed to target you personally.
There are many other forms of cyber-attack. In recent years there has been a rapid growth in the scale of distributed denial of service (D-DOS) attacks, where huge volumes of traffic are directed at specific organisations in an attempt to overwhelm their systems (such that normal services to users are ‘denied’).
Jisc, which is part-funded by SFC, provides universities and colleges with shared digital infrastructure and services. Its network infrastructure has measures to mitigate D-DOS attacks, meaning that Scotland’s universities and colleges have been protected against costly disruption which could have denied services to thousands of students and staff. Jisc provides a range of cyber services, including the Cyber Security Incident and Reporting Service (C-SIRT), which alerts institutions to attacks and helps them recover quickly.
The Scottish Government has made cyber security a top priority, and the Cyber Resilience Public Sector Action Plan asks public organisations to have in place independent assurance of critical cyber security controls as part of a 10-point plan to tackle cyber security. Does that mean the Scottish public sector is completely cyber safe?
Well not quite. Networks and firewalls can only do so much. Ultimately security depends on all of us. During Scottish Cyber Week and beyond remember that the level of criminal activity conducted online is increasing. So protect your passwords. Change them regularly. Watch out for dodgy emails and websites. Report incidents. Keep your security software up to date. Be safe.
David Beards, Senior Policy Officer - 24 Apr 2019