Cyber Security – November 2023

Understanding and defending against cyber security threats

Introduction

In today’s digital age, the internet has become an integral part of our lives, which exposes us to various cyber security threats. In this blog post, I will provide a high-level overview of common cyber security threats, how to recognise them, and how to report incidents, and I will discuss some recent incidents to highlight the importance of cyber security awareness.

Cyber Security Threats

Cyber threats come in many forms, each with its own characteristics, and range from relatively simple to highly sophisticated attacks.

The key threats to a University are:

  • Ransomware is malicious software that encrypts data and demands a ransom for its release.
  • Malware encompasses a wide range of malicious software, including viruses, Trojans, and spyware. Malware is typically disguised as an attachment to an email or Teams message.
  • Phishing involves tricking individuals into revealing personal or sensitive information by impersonating a trustworthy entity. This can be done via spam or spoofed emails, Teams messages, spoofed QR codes, and phone calls.
  • Software vulnerabilities come in two forms: zero-day vulnerabilities (no patch or fix available) and known vulnerabilities that have an available patch or fix. If you download software or install apps, you must keep them up to date. The University manages university software, but updates often need your laptop to be restarted to take effect, so if you are prompted to restart your laptop, please do so as soon as possible.

Practical Tips to protect yourself and the University

  • Be cautious with attachments and links in both emails and Teams messages. Do not open suspicious emails or Teams messages or download attachments from unknown senders.
  • Always verify the sender’s address and the legitimacy of the contact before clicking on links or downloading attachments.
  • Hover over links in emails and Teams messages to see the actual URL before clicking. Ensure it matches the expected domain.
  • Complete the Cyber Security training to ensure you know what to look for.
  • Only download software and files from reputable sources. Avoid shady websites and pirated content.
  • Be careful when inserting USB drives from unknown sources, as they can be a source of malware.
  • Install browser security extensions that can help block malicious websites.
  • Look for the padlock symbol and “https://” in the address bar to ensure a website is secure before entering sensitive information.
  • Be sceptical of unsolicited emails, especially those requesting personal or financial information.
  • Verify the identity of the caller before sharing any personal information or financial data.
  • If you receive a phishing email, report it via the Report functionality within Outlook.

Reporting suspicious activity

The cyber security training is available to all staff and students to enable users to recognise suspicious activity. However, recognising threats or suspicious activity is just the first step. Knowing how to report incidents is equally important:

Report all suspicious activity to: askIT@stir.ac.uk

They can collate alerts from multiple people, which gives them a better understanding of the scope and size of a potential incident.

Recent Incidents

The University of Manchester was the victim of a ransomware attack in June 2023. For further details, see: University of Manchester hit by cyber attack – BBC News. As part of the attack, data was stolen, including NHS-related research data.

In the following month, University West of Scotland (UWS) was also the victim of a ransomware attack, which resulted in their data being put up for sale on the dark web. https://www.bbc.com/news/uk-scotland-glasgow-west-66327336

Cyber Security Training

As you can see, the Higher Education sector is a target for cyber attacks.

Our first line of defence is knowledge, so if you haven’t completed the cyber security training yet, you may not have the awareness and knowledge needed to protect yourself against cyber threats.

You can access the cyber security training directly via:

https://universityofstirling.metacompliance.com/

Or via Teams. The Metacompliance app should be available in the left-hand sidebar within Teams.

The monthly blogs are also available on Metacompliance.

Recommended Podcast

If you want to know more about Threat Intelligence, give Smashing Security a go. This podcast provides clever insights into cyber security developments and occurrences with a nice touch of humour.

View the first in our series of monthly Cyber Security blog posts – Cyber Security Month – October 2023.