More than 140 virtual events were held across Cyber Scotland Week, with several major announcements shining a light on the growing importance of the sector.
These included the creation of a Cyber Scotland Partnership made up of ten organisations, as well as the development of a one-stop web portal which offers the public a wide range of information and resources – from general cyber resilience, through to incident response, and careers advice.
There is also evidence that senior executives, especially in the public sector, are taking a much greater interest in cyber security, with many already signed up for an executive course offered by the Scottish Business Resilience Centre (SBRC).
Jude McCorry, chief executive of the SBRC, reflects: “It was a very busy, positive week, but what really matters is what comes next. One real positive is that we had 150 senior executives signing up for training courses within just a couple of days. One course starting next week is full and then two others in April/May and September/October are already full too.”
McCorry believes that the December ransomware attack on the Scottish Environmental Protection Agency (Sepa) has really focused public sector minds on cyber security.
She explains: “Sepa is a well-organised and well-protected agency, and the attack showed that everyone is potentially vulnerable. The calm response and clear communication from Sepa – and showing its moral compass by refusing to pay a ransom – has made it a very good learning experience for cyber security in Scotland. It has also highlighted positive, collaborative, working between the Scottish Government, Police Scotland and others.”
However, McCorry sounds a note of caution: “What if it had been four or five organisations at the same time? Or an attack on the NHS and critical infrastructure?”
She also urges the private sector to raise its game on cyber security, adding: “I understand that they have a lot on their plate, but they could be doing more. We need to see messages from senior leaders in all sectors that everyone has a part to play in cyber security.”
Ciara Mitchell, head of cyber at ScotlandIS, says the successful week of online events – from short, practical cyber security exercises to full-day conferences –
illustrates the growing significance of cyber security.
She adds: “From the smallest of community groups to the largest of businesses, cyber awareness and skills really matter. This year’s Cyber Scotland Week demonstrated the growing interest and awareness of cyber security across Scottish society and business.
“As well as shining a spotlight on the issue, it has also demonstrated the strength and depth of expertise in Scotland, which is increasingly recognised internationally as a hub for cyber and tech skills.
“With a burgeoning cyber sector, a new national portal for information and centres of academic excellence, Scotland is a global leader in cyber security.”
The week also saw the Scottish Government launch its refreshed Strategic Framework for a Cyber Resilient Scotland. Making the announcement, Ivan McKee, Minister for Trade, Innovation and Public Finance, said he believed the framework lays out a clear focus about what needs to be done, and that partnership working can take it forward.
A spokesperson from Skills Development Scotland, a member of the new Cyber Scotland Partnership, says: “Despite all the challenges of having to deliver a week-long festival of events entirely online, I think this was the best CyberScotland Week yet.
“Awareness of the amazing career opportunities offered by the cyber security sector, as well as the need for organisations to be cyber resilient, has never been so high. We just need to turn that awareness into action to make sure digital Scotland stays safe online.”
Jude McCorry believes the week of events worked well online, and allowed the conversation to spread across the entireity of Scotland and not just the Central Belt.
She says: “We were able to honour people like Gordon Macdonald, a police officer in Stornoway, at the SBRC Cyber Community Awards, when normally it would have been really difficult for him to attend an awards ceremony in person. I think it is really important that we seek to take the cyber message beyond Edinburgh and Glasgow to the whole of Scotland.”
In terms of next steps, McCorry says it is time for Scotland to “sell its story” on cyber security – much like it has done in terms of data – and to turn great ideas into action.
“In Scotland, we are very good at inventing and innovating, but we have to be better at excelling – and better at turning that innovative mindset into economic benefits.
“I want people in criminal gangs to look at an organisation and say, ‘No, that’s based in Scotland. We won’t try to attack it because we won’t get in there, due to the high quality of cyber security collaboration in that country.”
For information on all things cyber, see www.cyberscotland.com