Welcome to Cyber Week 2024

Cyber Week is an annual event intended to bring people and organisations together to raise cyber security awareness and to increase cyber resilience by doing so. We will be sending a message to all staff each day this week and the theme of the cyber security messages this year will be cyber-attacks and looking at examples of how cyber-attacks happen.  There have been an alarming number of cyber-attacks reported across the UK and some recently in Scotland.  We’ll look at some of the aspects of an attack in detail, especially the effects and consequences.

Day One Malware!

Malware is malicious software which can cause harm in many ways, including:

• causing a device to become locked or unusable
• stealing, deleting or encrypting data
• taking control of your devices to attack other organisations
• obtaining credentials which allow access to your organisation's systems or services that you use
• 'mining' cryptocurrency
• using services that may cost you money (e.g. premium rate phone calls).

The most common type of malware is called ransomware, and it is this form of malware that you may have read about in recent news.  It is the type of malware that caused the SEPA cyber-attack incident in 2020 and more recently, the cyber-attack at the Western Isles Council. 

Ransomware is a type of malware that prevents you from accessing your computer or the data that is stored on it. The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network and may spread very quickly indeed. 

The most common route for any cyber-attack to come into an organisation is via a 'phishing' email, usually an unsolicited email that will contain a clickable link or an attachment. Every week the Council’s cyber security measures stop thousands of malicious email messages from reaching you, but, even with the advanced measures we have in place, sometimes messages are able to get through. A malicious email may appear at first glance to be credible.  It may even appear to come from someone you know, a senior figurehead or supplier but things aren’t always what they seem to be and as always, our advice is not to open unsolicited attachments or click links within emails without checking their authenticity first by phone if necessary. 

If you inadvertently open an attachment or click a link you feel you shouldn't have then report it to the IT support desk immediately and switch off your workstation.  Use the same vigilance at home to protect your personal data – the same dangers can apply to your home devices.

Spotting a phishing email is becoming increasingly difficult, and many scams will even trick computer experts. However, there are some common signs to look out for:

• Authority - Is the sender claiming to be from someone official (like your bank, doctor, a solicitor, government department)? Criminals often pretend to be important people or organisations to trick you into doing what they want.
• Urgency - Are you told you have a limited time to respond (like in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
• Emotion - Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
• Scarcity - Is the message offering something in short supply (like concert tickets, money or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.
• Current events - Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

Your bank (or any other official source) should never ask you to supply personal information from an email. If you have any doubts about a message , call them directly. Don't use the numbers/emails in the email, but visit the official website instead.

Ransomware incidents are on the increase and as you will see over the week, can be very devastating to organisations, businesses and individuals.

Thank you for taking the time to read this and your continued vigilance

Thomas Aldred

Service Manager (ICT)