It's day one of Cyber Scotland Week 2022. Let's start off with a question: why is cyber security important to all of us?

If it were measured as a country, then cybercrime would be the world’s third-largest economy after the US and China, with costs predicted to reach $10.5 trillion USD annually by 2025. Commentators point out that this represents the greatest transfer of economic wealth in history, puts the incentives for innovation and investment at risk, is exponentially larger than the damage inflicted by natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.

During 2021, reported losses as a consequence of cybercrime in the UK amounted to £2.4bn, with social media and hacked email accounts emerging as the top platforms used by criminals.

Email Security

Weak passwords can lead to personal email accounts being hacked, which can result in criminals acquiring personal details and taking control of personal accounts as a means to commit fraud. Consider whether you use the same password across multiple accounts, including your email. SPPA are no strangers to fraud attempts where customers have become victims of identity theft, often as a consequence of their personal email being hacked.

Emails are also a route for ransomware (more about the consequences of a cyber-attack later in the week) to enter a computer or network. Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that will download malware or direct them to a dodgy website. 

Phishing can be conducted via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money. 

Phishing emails can hit organisations of any size and type, as well as individuals. You might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money), or it could be the first step in a targeted attack against an organisation, where the aim could be something much more specific, like the theft of sensitive data. In a targeted campaign, the attacker may use information about our colleagues or organisation to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.

What you need to remember 

  • Don’t use the same password across multiple accounts 
  • Do not click on any links or download any attachments in any suspicious emails. There is a risk that by clicking on a link or downloading an attachment, you could be installing malware or a virus onto your computer 
  • At home, you can report suspicious emails to NCSC via report@phishing.gov.uk 

Do three things today

  1. Check that you are protecting your online accounts by using strong passwords, such as choosing three random words.
  2. Check if your existing email address or passwords have been involved in a data breach by visiting Have I Been Pwned.
  3. Watch the following video on phishing: