cyber security – The NEN – North Edinburgh News

Cybersecurity in the spotlight as Edinburgh Napier’s Innovation Hub hosts flagship global cyber conference

Napier’s Cyber Academy is organising the sixth International Conference on Big Data, Cybersecurity & Critical Infrastructure

Edinburgh Napier University’s recently launched Innovation Hub, in partnership with the University’s established The Cyber Academy, is to host a global annual cybersecurity conference at its Craiglockhart campus next month.

Now in its sixth year, the International Conference on Big Data, Cybersecurity & Critical Infrastructure annually gathers leaders in the field of cybersecurity — from industry and academia, across Scotland and beyond — to share the latest emerging big data and cybersecurity insights, as well as discuss the themes of ‘digital twins’ and ‘critical infrastructure’.

As well as showcasing the latest cybersecurity spin-out businesses that have emerged from Edinburgh Napier University in the last year (TrueDeploy and LastingAsset), well-known global businesses will participate in this industry-focused conference on 11 May 2023.

Some of the confirmed speakers and panellists include:

Prof Sokratis Katsikas (Director of the Norwegian Centre for Cybersecurity in Critical Sectors), Tim McNulty (Group Chief Security Officer, Barclays), Beck Pinkard (MD, Global Cyber Operations, Barclays), Mark Cunningham-Dickie (Quorum Cyber), Mark Mitchell (FORTINET), Keith McDevitt (Scottish Government), Rory Alsop (Tesco Bank/CIISec), Harry McLaren (SenseOn), Elisabeth Momola (SGN), Paula Kershaw (CCO & Cyber Resilience, Barclays).

As well as representatives from Edinburgh Napier University:

Prof Bill Buchanan OBE, Prof Nick Antonopoulos (VP Research), Prof Berk Canberk, Prof Leandros Maglaras, Nanik Ramchandani (Royal Society Entrepreneur-in-Residence), Andy McGoff (Director of Finance & Operations), Prof Matthew Broadbent.

This symposium is being convened by the Manager of the Cyber Academy, Basil Manoussos, who has extensive experience in digital forensic investigations, as a practitioner and director of Strathclyde Forensics Ltd. He works with organisations such as the Law Society of Scotland and Interpol – and was twice shortlisted at the Scottish Cyber Awards as a “Cyber Evangelist of the Year”.

Explaining more about the forthcoming global cybersecurity conference, Basil said: “This annual cybersecurity conference is our flagship event in our calendar.

“It has been growing in popularity over the years, attracting an ever-increasing number of attendees with an interest in hearing the latest news developments and emerging insights in cybersecurity, as well as having the opportunity to network and grow connections with fellow professionals in this field.

“We are honoured to welcome an inspiring line-up of great speakers and panellists from across the industry, academia and government, with Edinburgh’s Lord Provost, The Right Honourable Robert Aldridge, officially open to this international conference.”

“As well as hearing from our own spin-outs and from industry cyber experts, we will also hear from one of the top lawyers in data protection at Chalmers Stewart LLP, Laura Irvine and Alexandr Chernykh, the official representative of the Ukrainian National Bar Association in Scotland, who will talk about GDPR, data protection and the role of IT law and blockchain legislation in Ukraine’s future.”

This event will take place at Edinburgh Napier University’s Craiglockhart campus, from 9:30am to 4:30pm, on Thursday 11 May 2023.

Advanced registration is essential via EventBrite.

WhatsApp ‘family emergency’ scam warning

Online safety is increasingly important, even for popular platforms like WhatsApp. With over 2 billion users worldwide, WhatsApp has become a favourite target for fraudsters and tactics have become more ingenious and effective than ever.

The majority of users are vulnerable when online, making it an irresistible platform for scammers. Cybersecurity experts from VPN Overview have compiled their top tips on how to recognise WhatsApp scams and how to prevent them:

What is WhatsApp fraud (friend or family emergency scam)?

WhatsApp fraud is a form of fraud in which cybercriminals pretend to be a victim’s acquaintance and then ask them for money. Currently, most of those criminals pose as a friend or family member and ask for financial help because “they urgently have to pay a (high) bill” or “they have an emergency and urgently need some money”.

Usually, the perpetrators pretend to be in a hurry, most likely to entice their victims to take immediate action. That is why this type of fraud is also referred to as a friend or family emergency scam. Sadly, on average victims loose thousands of dollars to WhatsApp scams. Age also seems to be a factor, with most of the victims being over 50 years old.

In most cases the phone number used by the criminal to commit WhatsApp fraud is unknown to the victim, yet the attached profile picture is familiar. Consequently, the victim thinks that he or she is indeed communicating with a friend or family member.

However, criminals can easily copy a photo from other social media platforms, such as Facebook or Instagram. The same applies to other information that can be used to mislead the victim. Like the vocabulary an individual may use, or certain events the individual may have posted about online (“Should’ve asked you for help when we were in that bar yesterday…”).

What are the tell-tale signs of WhatsApp scams?

Scammer creates a sense of urgency and pressures you to pay quickly.
Scammer contacts you from an unknown number.
Scammer informs about a number change and quickly talks about money.
Poor English is used in their messages.
Scammer does not want to be called.
Scammer asks for money to be transferred to an unknown account or uses an app that hides account numbers.

Tips to prevent WhatsApp fraud

Check if the number is correct if someone asks for money.
Check the language and communication style of the message.
Call the number or contact the person in a different way to verify the story.
Do not let the fraudster pressure you; think logically.
Ask the scammer a question only your friend or acquaintance would know the answer to if suspicious.
Secure voicemail with a personal code.
Never send a verification code without questioning.
Set up “2-Factor Authentication” on WhatsApp.

Remember that the tips provided above are not only important to protect yourself. If criminals manage to hijack your WhatsApp account, they can easily scam your contacts and possibly take over the accounts of your friends and family as well.

I’ve been a victim of WhatsApp fraud, what can I do?

If you have been a victim of WhatsApp fraud, it is important to remain calm and report the incident to your bank and the police.

Depending on the circumstances, it may be possible to reverse the payment, but individuals must act quickly. Wire transfers are harder to recover, and online payment services or apps can complicate the process.

Even if a refund is not issued, the bank will investigate the fraud claim to protect customers and prevent future fraud. Reporting scams to WhatsApp and AnyScam is also recommended, and national help groups for victims of fraud can assist individuals in dealing with the process and preventing future fraud.

Edinburgh tech talent Eleanor Sim wins at 2023 FDM everywoman in Technology Awards

Celebrating the Achievements of Women in Technology
The 2023 FDM everywoman in Technology Awards winners unveiled

The winners of the 14^th annual FDM everywoman in Technology Awards have been announced.

The awards celebrate the tech industry’s most exceptional talent recognising all stages of the career journey from apprentices to C-Suite, creating role models to inspire the next generation from the UK and beyond.

The FDM everywoman in Technology Award winners were announced at a ceremony in London on 9^th March where 500 cross-industry tech leaders came to network and celebrate these exceptional women.

CYBER SECURITY AWARD – sponsored by BAE Systems

Awarded to a woman who is excelling in her role and making a tangible difference to her business in the field of cyber security

Eleanor Sim, Director Cyber Security Strategy and Architecture at Bupa, from Edinburgh

A lifelong technologist and passionate advocate of women’s careers in tech, Eleanor began her career as a security researcher at the National Cyber Security Centre (previously CESG) in Cheltenham, having achieved a first-class degree in Computer Science and AI.

It was here that Eleanor helped found Cyber First Girls a competition for UK schools, inspiring the next generation of young women to consider a career in cyber security.

Following a fulfilling and successful career in Government, she took on the role of Head of Security Architecture at NatWest Group, before moving on to become Director for Security Strategy and Architecture at Bupa in 2021.

Working for one of the world’s largest healthcare companies, she spearheads the security of business-critical projects and innovations that are improving the health outcomes of millions of customers, alongside her inspirational leadership and advocacy of both women in technology and Bupa’s Pride network.

Maxine Benson MBE, Co-Founder of everywoman comments: “Since 2011, The FDM everywoman in Technology Awards are both a recognition and a celebration of the impact women are having on the technology industry worldwide and the diverse, fulfilling, and exemplary careers that women can have in technology.

“Over the past 14 years, the accomplishments, and stories of these talented women have and will continue to inspire future generations to pursue a career in an industry where women are underrepresented. Each winner is a role model whose remarkable achievements showcase the vital advancements technology has in saving, transforming, and improving lives, while also positively impacting the planet and ensuring the future of tech grows ever more diverse and inclusive.”

Mary Haigh, Chief Information and Security Officer at BAE Systems, said: “Cybersecurity underpins the digital revolution. It’s a challenging field requiring the most diverse and creative teams. That’s why we want to get more women into technology roles, so sponsoring this event made perfect sense.

“We send our best wishes and congratulations to all those shortlisted for this important award, which celebrates women making a tangible difference to their organisation in the field of cybersecurity. My own grandmother was called up to serve as a radio interceptor for Bletchley Park, reminding me that inspiring women, though often hidden, have been at the forefront of the digital revolution from the very start.”

Cyber security expert warns students of detrimental impact of gaming addiction on university experience

As new university students are beginning their first year, the habits of their childhood could have serious impacts on their studies and social life; gaming.

Unhealthy gaming habits are becoming more prevalent in students to the extent that the World Health Organization has classed gaming addiction as a disorder. While playing games can improve hand-eye coordination, excessive gaming, or internet gaming disorder (IGD) can severely affect your physical and mental health and ultimately impact your studies.

With this in mind, cyber security experts at VPNOverview have identified the warning signs, consequences, and the best ways to deal with gaming addiction. Acknowledging the warning signs of gaming addiction early can prevent any physical or mental symptoms from worsening over time.

What is video game addiction?

Video games are designed to be addictive. They immerse the player with realistic graphics, compelling sound effects, engaging storylines, and haptic feedback. The possibility that a person can become addicted to video games has been a debate for many years.

The American Psychiatric Association acknowledges that games trigger specific neurological pathways that stimulate pleasure and reward. In extreme cases, playing video games affects the brain in much the same way as alcohol, drugs, and gambling.

This being said, there is a big difference between excessive gaming and video game addiction. It’s important not to panic that you are becoming addicted to gaming unless particular symptoms develop over a long period.

If you feel as though you have demonstrated these three symptoms for at least 12 months, video game addiction may be present:

Impaired control over gaming: The inability to control the urge to play a video game
Increased priority is given to gaming: Gaming takes precedence over any other interest or daily activity
Continuation or escalation of gaming (despite harmful consequences to academic performance, work, social relationships, or health)

What are the warning signs of video game addiction?

According to The American Psychological Association, video game addiction is built on the need to spend more time gaming games.

Withdrawal symptoms are a warning sign of video game addiction. When depriving yourself suddenly of the possibility of playing video games, even for a short amount of time, sadness, irritability, and anxiety are typical withdrawal symptoms.

In addition to these symptoms, less obvious clues may include:

Forgoing basic needs such as eating, sleeping, and taking care of personal hygiene
Loss of interest in other activities, social life, hobbies, and friends
Performing poorly at university due to an inability to focus
Lying to family/housemates about the time spent gaming
Ignoring problems caused by video games

What are the consequences of video game addiction?

In 2020, the most extensive study ever conducted on teenage video game addiction, examining trajectories of pathological video game symptoms over six years, found that 10% of the group of adolescents studied showed physical and mental signs that got worse over time because of playing video games.

Physical effects of gaming addiction

Below are the associated physical risks associated with gaming addiction. These can all be worsened by excessive drinking, poor diet, and lack of sleep typical in university students:

Lowered immune function due to chronic stress
Sedentary lifestyle; lack of physical exercise, weight gain, poor posture, and a higher risk of type two diabetes
Seizures from exposure to flickering graphics and lights
Migraines
Insomnia and chronic fatigue
Poor personal hygiene
Repetitive stress injuries in wrists or hands, including Carpal Tunnel Syndrome
Disrupted eating habits
Myopia and other eye conditions
Disrupted sleep

Mental effects of gaming addiction

Video game addiction does not only affect a person’s emotions but also their nervous system. Increased levels of cortisol, also known as the stress hormone, are produced in gamers because of constant overstimulation and hyperarousal. This can cause chronic stress and can lead to the following:

Depression
Anxiety
Lack of concentration
Difficulty managing impulses
Hostility and aggression
Lack of social engagement
Decreased levels of creativity and passion

How to deal with video game addiction?

It is important for students to manage their gaming time effectively, as the compulsion to play can overshadow the heavy workloads that many students face. Below is a list of things you can do to manage unhealthy gaming habits:

Complete your assignments first – Studies have shown that student gamers spend 30% less time reading and 34% less time on coursework. It is essential that gamers set up a healthy routine that only allows game time once they have completed the necessary work, almost like rewarding yourself.
Get exercise– Exercise is very beneficial when reducing stress and improving sleep quality. Keeping active can come in the form of a sociable team sport that will keep you active whilst allowing you to make new friends.
Don’t lose sleep – Studies have shown that 24% of adolescents are gaming past 9 pm. Gaming late into the night has been associated with higher levels of daytime sleepiness and an increase in the time it takes to fall asleep, particularly if games are violent. Sleep deprivation can cause a decline in memory and concentration levels, a big problem for students trying to absorb information, take exams and write essays.
Don’t spend too much time alone in your room gaming – Isolating yourself will only inhibit forming relationships and friendships with the people around you. Social interactions and making friends are imperative to the university experience as you are building a support network to help you through stressful times. Keeping your game in a communal space will encourage more socialising and stop you from appearing unapproachable and isolated.

An expert from VPNOverview commented on the study: “While gaming addiction is rare, excessive gaming is widespread and can negatively affect a student’s mental and physical health. Factors such as loneliness, anxiety, and stress worsen unhealthy gaming habits.

“Students who are perhaps shy and less likely to engage in typical university social events are more likely to develop unhealthy gaming habits. Putting yourself out there and being sociable will help you to form relationships and make the university experience more enjoyable. Reducing the amount of time spent gaming will also have a positive impact on university grades.”

VPNOverview.com are a dedicated team of cybersecurity and privacy professionals offering guidance on these topics in the most accessible way possible.

Cyber security boost: Training to help safeguard Scottish organisations

A £500,000 contract to extend cyber resilience training to more than 250 organisations across the country has been awarded by the Scottish Government.

The grant will enable the Scottish Business Resilience Centre (SBRC) to run online and in-person workshops for public services and third sector health, housing, and social care bodies to ensure they are better prepared and protected.

Scotland has been subject to a number of disruptive large scale cyber-attacks in recent years with developments in Ukraine and the recent COVID lockdown exacerbating the situation.

The training, which has already benefited 450 organisations, includes mock scenarios such as a third-party software compromise, a ransomware attack and a threatened sensitive data leak.

It is hoped more than 250 organisations will benefit from the training programme, which comes ahead of a major summit in Edinburgh as part of European Cyber Security Month in October.

Justice Secretary Keith Brown, who will address the event, said: “We have all seen the devastating impact of an organisation falling victim to a cyber-related incident, so extending training to make more people aware of the risks is absolutely crucial.

“The Scottish Government is committed to ensuring Scotland leads the way in cyber resilience and security.

“This extended training will help many more organisations to stave off the threat of an attack, and protect against disruptive and costly data breaches.

“The workshops provide practical guidance to mitigate or respond to hostile cyber-attacks. I would urge eligible organisations to take up this opportunity to ensure they are protected.”

Jude McCorry, Chief Executive Officer of the SBRC, said: “There is no denying that the ongoing pressure facing everyone from a cyber-perspective has increased massively in recent years. Just as we see one organisation recover from the grips of a cyber-incident, another is targeted.

“It is also now believed that cyber criminals have targeted more than three-quarters of public sector organisations and, closer to home, we have seen this play out with a number of disruptive large-scale attacks already in Scotland.

“We don’t want to see more Scottish organisations fall victim to these attacks and that is why upskilling and awareness programmes continue to be so vital.”

SBRC will deliver the National Cyber Security Centre’s (NCSC) ‘Exercise in a Box’ programme on behalf of the Scottish Government. It has already upskilled 450 organisations across Scotland since being launched in 2020.

Organisations interested in learning more about ‘Exercise in a Box’ are invited to attend a taster session on 25 August. Find out more or register here.

Top five cyber-resilience tips

1 Improve password security:

Creating strong, separate passwords and storing them safely is a good way to protect yourself online.

Use a strong and separate password for your email.

Weak passwords can be hacked in seconds. Make yours strong, longer and more memorable by combining three random words that you can remember.

2 Save your password in to your browser:

This is safer than re-using the same password for all your accounts. Save them to secure them.

3 Turn on 2-Step Verification:

Two step verification protects you with a second layer of security that checks it’s really you logging in. Think of it as a double lock for your data. Be doubly sure.

4 Update your devices:

Cybercriminals exploit weaknesses in software and apps to get your information. Updating fixes those weaknesses. Think of update reminders as an alarm telling you to act. Stay secure. Update regularly.

5 Back up your data:

If your phone, tablet or laptop is hacked, you could lose all your personal files including photos and videos. Keep everything secure by backing up. Back it up, keep it secure.

Keep your child safe online during the summer holidays

During the summer holidays, children will inevitably have more access to screen time, especially in the form of the internet. Internet safety has become an increasingly worrying problem amongst parents.

Internet expert Allison Troutner from VPNOverview.com has listed the best ways to keep your child safe online:

1. Consider a family ‘tech agreement’

One way to set ground rules with your child is to create a Family Tech Agreement. A family tech agreement answers as many questions as possible about internet and device use so boundaries are clear to all family members. It’s a good way for the whole family to talk about safe and responsible online behaviours.

To create a family agreement, discuss topics like:

What apps, games, or sites does the family use most?
What rules do we want to include in our agreement?
How long should we spend on our devices?
What information is safe to share (or not)?
What do we do if we see something inappropriate?
What email address do we use to sign up for accounts?
Do we know how to use in-app safety features like blocking and reporting?
Who can we talk to if we feel uncomfortable with something online?
Who is safe to talk to?
What happens when someone breaks the agreement?
When might parents be forced to break the agreement for safety?

This is a starting point: your family may discuss more topics on internet safety for kids depending on the ages of your child or teens and what devices you use.

2. Report any harmful content that you see

Flag or report all harmful content or contact you or your child experiences using social media apps using in-app reporting features. For cybercrimes, cyberbullying, or harmful content, use in-app features like Twitter’s safe mode to report it. Most social media companies have their own safety and privacy policies and will investigate and block content or users. Apps geared towards kids, like Facebook Messenger Kids, have clear guidelines and safety features so that users can block content or contacts and have a safer experience in the app.

3. Balance safety with independence

Technical controls can be a useful way to protect your children online but they can’t solve all your problems. Children need a certain amount of freedom and privacy to develop healthily. They need their own free space to learn by trial and error what works and what doesn’t. So keep balancing, it’s part of it. Having open and honest conversations with your children can be the best way to balance this safety.

4. Keep the computer in a common space

If possible, keep computers and devices in a common space so you can keep an eye on activity. It prevents children from doing things that might be risky. Also, if harmful or inappropriate content appears through messages, you can address it with your child straight away.

5. Password-protect all accounts and devices

From phones to computers to apps, put a password on it. That way, no one without the password can access you or your child’s device. Keep track of passwords by using a password manager.

6. Update your operating systems regularly

All of your devices from mobile phones or tablets to computers and smartwatches receive important updates in response to security issues on a regular basis. Be sure to install them regularly so you have the most up-to-date security fixes and remain safe online. Our recommendation is to set updates to install automatically so your device is less vulnerable to known attacks. Usually, you can find this feature in Settings, then select Automatic Updates, but it varies between devices.

7. Install security or antivirus software programs and a VPN on your computer

Additionally, cybersecurity or antivirus software programs prevent spyware or viruses that may harm your computer if your child visits a malicious site. Using these programs, parents can also set up regular virus checks and deep system scans to make sure there is no harmful activity happening under your nose.

A VPN hides users’ internet activity from snoops and spoofs your location. This protects your kids by making sure hackers or predators can’t detect their actual location. You can install a VPN on your router so that the location is spoofed on all connected devices.

8. Set parental controls

It may seem obvious, but parental controls are crucial to your child’s safety online. Parent controls are built-in features included on devices and apps. With these features, parents customise their child’s online experience. What parental controls are available on each device or app varies, but in general, they limit screen time, restrict content, and enhance user privacy.

Features of parental controls:

Limit screen time.
Turn off in-app purchasing.
Prevent inappropriate or mature content.
Limit website access.
Play, message, or send/receive content with approved contacts only.
Monitor device location through GPS.

Take time to look at what parental controls are available on your child’s commonly used apps. Then, set them to reflect the type of experience you think is best for your child or teen’s online safety.

Double funding success for Napier cyber security ventures

Backing for TrueDeploy and Trustd from the CyberASAP programme

TWO projects from Edinburgh Napier’s School of Computing have won funding from a programme which develops innovative cyber security ideas for the commercial market.

TrueDeploy and Trustd are being supported by CyberASAP, which is itself funded by the UK Department for Digital, Culture, Media and Sport working with Innovate UK.

CyberASAP creates a pipeline to commercialise innovations from university labs, providing academics with the expertise, knowledge and training needed to convert their research into technologies, products and services.

The University’s TrueDeploy project, which is developing innovative technology to bring trust and transparency to the software supply chain, has already received backing from Scottish Enterprise as part of its High Growth Spin-out Programme. Now it has been awarded £31,973 for the next four months as part of CyberASAP phase one.

The dominance of open-source software and the interconnectedness of software between organisations has raised cybersecurity risks in the software supply chain.

Potentially ruinous attacks can occur when a threat actor infiltrates and compromises software being developed by a software vendor in the long chain that exists from code being written to it being distributed to a customer.

TrueDeploy aims to bring trust to the software supply chain with a novel combination of blockchain, credential management and access control technologies.

Research student Pavlos Papadopoulos, who leads the TrueDeploy technical team, said: “We greatly appreciate Innovate UK’s support and the opportunity to participate in the Cyber security Academic Startup Accelerator Programme 2022-23.

“In the next few months, during this programme, we will investigate more deeply TrueDeploy’s value proposition, validate our chosen market, and develop our novel solution further in combination with the Scottish Enterprise High Growth Spin-out Programme’s continuous support.”

Web3 is an idea for a new iteration of the World Wide Web based on blockchain technology, which incorporates concepts including token-based economics and decentralised applications (DApps).

While an effective way for users to control their own data and digital assets, Web3 has not been widely adopted yet due to the complexity of managing users’ wallets which allows them to access these DApps.

The “Trustd: Decentralised, trustworthy, and reliable digital assets custody solution” project is working to address the inherent challenges in establishing security protection for users’ wallets, and has been awarded £29,365 as part of CyberASAP phase one.

School of Computing lecturer Dr Zakwan Jaroucheh said: “Participation in CyberASAP is a great opportunity. It will allow us to validate our value proposition and the market need for a decentralised digital assets custodial solution to advance Web3 mass adoption.”

University team unveil data set to bolster research into ransomware detection

Newly-published paper details the creation of NapierOne

Cyber security experts at Edinburgh Napier have created a new data set which will support cutting-edge research into ransomware detection.

Ransomware – malware that encrypts files, giving the attacker scope to demand a ransom to restore access – has become a popular and potentially lucrative method of attack for cyber criminals.

However, newly-created NapierOne (www.napierone.com) is now available to help test and evaluate new detection methods, amid concerns that previous data sets used in digital forensics research have become outdated.

The new openly accessible ready-to-use data set will improve consistency by using standard formats allowing earlier studies to be replicated. As such it will improve the pace and direction of research into ransomware, and could help find robust solutions to the threats it poses.

NapierOne’s creators also believe it is generic enough to support many other fields of research that require a varied mix of common files.

Govdocs1

The most well-known publicly available data set used in malware analysis to date has been Govdocs1, now more than a decade old.

It was designed to help reproduce forensic research, but doubts have emerged about how well it reflects current usage, with some increasingly popular file types not being well represented.

And where there have been a lack of useful data sets available to researchers, they have often developed their own and have not distributed them when their work is complete.

In a new paper published in Forensic Science International: Digital Investigation, Edinburgh Napier PhD research student Simon Davies and senior computing academics Professor Bill Buchanan and Associate Professor Rich Macfarlane detail the creation of NapierOne as a complement to Govdocs1.

Their research identified popular file formats for inclusion as they set about creating a data set containing more than 500,000 unique files distributed between 100 separate data sets and subsets.

The paper describes how specific file types were selected, how examples were sourced and how researchers are able to gain free, unlimited access to the data.

The authors see NapierOne as a starting point for an ongoing project which will grow and develop as other researchers provide additional data sets that can be incorporated into it.

Simon Davies said: “It is hoped that the adoption of the NapierOne data set into the implementation, development and testing lifecycles of new ransomware detection techniques will streamline and accelerate the development of more robust and effective detection techniques, allowing independent researchers to reproduce and validate proposed detection methods quickly.”

Associate Professor Rich Macfarlane said: “Ransomware has been around for many years – encrypting and deleting users’ files and demanding a ransom from the victim. It has become increasingly common and its sophistication has increased significantly, leading to it currently being the biggest cyber security problem globally.

“This work aims to provide a research data set allowing scientific rigour in research towards fighting the ransomware problem. The data set has been created and successfully used in our ransomware detection research.

“Containing over half a million unique files representing real world file types, it is broad and diverse enough to be used in a range of cyber security and forensic research areas.

“We hope the data set will have the same global research impact as the Govdocs1 work.”

Professor Bill Buchanan said: “There are few areas of cyber security that need more of a scientific base than in digital investigations, and thus there exists a need to make sure investigators have appropriate tools that have been verified and properly evaluated. This data set provides a foundation for researchers to prove their new methods, and thus further support innovation in the area.

“The UK is becoming an international leader in the field of safe technology – which involves the development of tools to support digital investigations and threat detection – and this research showcases the development of a strong scientific base.”

Why being hacked can be good for your business

Businesses are taking cybersecurity more seriously than ever. In 2021, executives ramped up their cybersecurity spending in response to the explosion of cyber-attacks exploiting lockdown remote working.

Despite this, the frequency and severity of security breaches has only increased, with small to medium businesses in the UK subject to an astonishing average of 10,000 attempted cyber-attacks a day.

Successful attacks breach sensitive data, and recovery can result in severe financial losses, sometimes millions of pounds, for affected businesses.

So, what is going wrong?

Cybersecurity experts agree that one of the biggest issues is that businesses are not spending their security budgets in the right places.

Anthony Green, CTO of cybersecurity consultants FoxTech, works to prevent cyber-attacks, and helps companies who have experienced a security breach: ““What we are seeing is that usually, IT strategies fail when businesses don’t actually know what their weaknesses are – or indeed don’t realise they have any at all.

“Many companies believe their networks are secure because they have outsourced their IT or installed an anti-virus package. Unfortunately, this is like going on holiday and locking your front door, but leaving all your windows wide open – traditional security methods are not comprehensive, and hackers can easily find and exploit your remaining vulnerabilities.”

This is where ethical hacking, also known as penetration testing, comes in. Ethical hacking is when an accredited cybersecurity consultancy carries out a simulated cyber-attack against your computer system.

Penetration testers can identify exploitable flaws in bespoke software, carry out scenario testing to discover how incidents, such as a compromised DMZ host, impact on your security, and test your businesses’ response capabilities to attack or temporary vulnerability.

Anthony comments: “It’s impossible to take the right cybersecurity actions without knowing what your problems are. This is why penetration testing really is crucial.

“Subjecting your IT infrastructure to ethical hacking by someone who isn’t going to steal your data is one of the best things you can do to prevent a real hacker gaining access. Initially, companies can find it hard to believe that hacking could ever be ethical, let alone good for their business – but it is the best way to find out exactly how vulnerable your business is to an attack.”

Once penetration testing has shown you where your weak spots are, and what methods hackers could use to exploit them, the next step is to fix, secure and block these paths to access.

Most companies’ current IT protection plans focus only on the last step – blocking access – without necessarily knowing exactly where that access is.

Any kind of vulnerability assessment like penetration testing provides an exciting opportunity to find out if your business and your data is properly protected from attack, and should be seen as an essential aspect of any good cybersecurity strategy.

Enterprise backing for project to protect software supply chain

New cyber security venture from School with record of successful spin-outs

A NEW Edinburgh Napier project aims to bring trust and transparency to the software supply chain, as the School of Computing continues its drive to translate innovative research into real world impact.

The TrueDeploy venture has received £73,418 funding from Scottish Enterprise, as part of its High Growth Spin-out Programme (HGSP), to help develop the project’s innovative technology.

In setting its sights on the multi-billion pound industry to secure software development supply chains, TrueDeploy is following in the footsteps of Edinburgh Napier cyber security spin-outs ZoneFox, Symphonic Software, Cyan Forensics and MemCrypt which have already successfully made the leap from research lab to market.

The software supply chain relates to the development and supply of software for use across all organisations and systems. This supply chain needs to be managed by organisations that use software due to regulatory requirements and the obligations to ensure their systems are not compromised.

Recent high-profile cyber-attacks, including SolarWinds, Kaseya, and NotPetya, have cost companies and nation-states billions of dollars. Each of these attacks had the same underlying issue, in that they were possible because a threat actor managed to infiltrate and compromise software that was being developed by a software vendor in the long chain that exists from code being written to it being distributed to a customer.

Potential future spin-out TrueDeploy, which aims to resolve these issues by bringing transparency to the software supply chain, has been developed by a technical team led by research student Pavlos Papadopoulos.

He is working alongside the School of Computing’s Dr Nick Pitropakis and seasoned cyber security innovator Professor Bill Buchanan. The technical team will be supported on the project by a core business team of Nanik Ramchandani (Imagine Ventures) and Matthew Burdge (Business Development & Relationship Manager, School of Computing).

With Scottish Enterprise’s support, the team is aiming to develop their innovative technology over the next nine months.

Pavlos Papadopoulos, whose research work is focused on privacy-preserving systems around trust and identity, said: “We are thankful to Edinburgh Napier and Scottish Enterprise for their continuous support.

“This funding is the first step in bringing this innovation to reality.”

Nanik Ramchandani added: “We sincerely appreciate the support provided by Scottish Enterprise to the start-up ecosystem in Scotland.

“This support will help us identify the ideal commercial opportunity for TrueDeploy’s ground-breaking innovation.”

Victoria Carmichael, director of strategic investment at Scottish Enterprise, said: “Cyber security is a major issue facing society today and this project has the potential to be hugely impactful.

“Our High Growth Spin-out Programme helps turn innovative university research into successful business ventures. To date we’ve supported four cyber security spin outs from Edinburgh Napier, with TrueDeploy becoming the fifth, which speaks volumes about the university’s academic and commercial capabilities.”

Fiona Mason, Head of Business Engagement and IP Commercialisation at Edinburgh Napier, said: “We are thrilled to receive this recognition from Scottish Enterprise on another exciting venture arising from our cyber group.

“The project has benefitted from seed funding, and the inventor has worked closely with both the Business Development support, Matthew Burdge, and our Royal Society-funded Entrepreneur-in Residence, Jamie Graves, to develop the project to the high standard required by SE.

“We value the long-term platform the funding provides, both in terms of project development but also the access to networks, training and mentoring support.”