Enterprise backing for project to protect software supply chain

New cyber security venture from School with record of successful spin-outs

A NEW Edinburgh Napier project aims to bring trust and transparency to the software supply chain, as the School of Computing continues its drive to translate innovative research into real world impact.

The TrueDeploy venture has received £73,418 funding from Scottish Enterprise, as part of its High Growth Spin-out Programme (HGSP), to help develop the project’s innovative technology.

In setting its sights on the multi-billion pound industry to secure software development supply chains, TrueDeploy is following in the footsteps of Edinburgh Napier cyber security spin-outs ZoneFox, Symphonic Software, Cyan Forensics and MemCrypt which have already successfully made the leap from research lab to market.

The software supply chain relates to the development and supply of software for use across all organisations and systems. This supply chain needs to be managed by organisations that use software due to regulatory requirements and the obligations to ensure their systems are not compromised.

Recent high-profile cyber-attacks, including SolarWinds, Kaseya, and NotPetya, have cost companies and nation-states billions of dollars. Each of these attacks had the same underlying issue, in that they were possible because a threat actor managed to infiltrate and compromise software that was being developed by a software vendor in the long chain that exists from code being written to it being distributed to a customer.

Potential future spin-out TrueDeploy, which aims to resolve these issues by bringing transparency to the software supply chain, has been developed by a technical team led by research student Pavlos Papadopoulos.

He is working alongside the School of Computing’s Dr Nick Pitropakis and seasoned cyber security innovator Professor Bill Buchanan. The technical team will be supported on the project by a core business team of Nanik Ramchandani (Imagine Ventures) and Matthew Burdge (Business Development & Relationship Manager, School of Computing).

With Scottish Enterprise’s support, the team is aiming to develop their innovative technology over the next nine months.

Pavlos Papadopoulos, whose research work is focused on privacy-preserving systems around trust and identity, said: “We are thankful to Edinburgh Napier and Scottish Enterprise for their continuous support.

“This funding is the first step in bringing this innovation to reality.”

Nanik Ramchandani added: “We sincerely appreciate the support provided by Scottish Enterprise to the start-up ecosystem in Scotland.

“This support will help us identify the ideal commercial opportunity for TrueDeploy’s ground-breaking innovation.”

Victoria Carmichael, director of strategic investment at Scottish Enterprise, said: “Cyber security is a major issue facing society today and this project has the potential to be hugely impactful.

“Our High Growth Spin-out Programme helps turn innovative university research into successful business ventures. To date we’ve supported four cyber security spin outs from Edinburgh Napier, with TrueDeploy becoming the fifth, which speaks volumes about the university’s academic and commercial capabilities.”

Fiona Mason, Head of Business Engagement and IP Commercialisation at Edinburgh Napier, said: “We are thrilled to receive this recognition from Scottish Enterprise on another exciting venture arising from our cyber group.

“The project has benefitted from seed funding, and the inventor has worked closely with both the Business Development support, Matthew Burdge, and our Royal Society-funded Entrepreneur-in Residence, Jamie Graves, to develop the project to the high standard required by SE.

“We value the long-term platform the funding provides, both in terms of project development but also the access to networks, training and mentoring support.”

Make sure that Cyber Security is top of your Christmas list

To paraphrase the Christmas song “It’s the most vulnerable time of the year.” Cyber criminals don’t take a holiday, so your chances of being a victim of a cyber attack can increase.  

Christmas holidays are a prime time for criminals to take advantage of. At this time of year, organisations will start to close and will be running with a heavily reduced staff count which can make organisations vulnerable.

Last Christmas Eve, Scottish Environment Protection Agency’s digital systems were held under attack. It knocked several of their key systems offline causing major disruption to their staff and made it difficult for them to do their work.

Does your current security strategy include a plan for cyber attacks during the holidays?

The benefits of having a business community plan are undeniable. When disaster strikes, getting business operations back up and running quickly is crucial. No business is immune to potential threats, no matter how big or small your organisation is.

Make sure you have taken all the necessary steps to secure your IT unfractured ahead of time. From protecting your website, safeguarding your customer details to training your staff it’s time to take a closer look at your organisation’s cyber security.

Take the time now to review your business continuity plan and know where you can seek advice and support should you need it.

Developing a plan

A Cyber Incident Response Plan is a set of instructions that are designed to help you prepare, detect, respond and recover from cyber incidents. Having a plan will outline the recovery process, so that everyone knows what is required of them during an incident. Each department in your organisation should understand the incident response procedure.

Our Cyber Incident Response Pack is an easy-to-follow guide to setting up a cyber incident response plan for your business. It has checklists, action plans, and template documents that you can use today. This will help you identify and prioritise your company’s most valuable assets and links to advice to help you keep them secure.

Regular back-ups

Ransomware has been a growing cyber security threat, and one which could affect any organisation that does not have appropriate defences. Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted.

You should perform a regular back-up of your systems and data, which will enable quick restoration of business functions. Importantly, having offline versions of your backups is your best defence, as you can wipe any encrypted devices and restore from your offline back up.

Read the NCSC’s blog on offline backups for more advice and how to defend your organisation from potential malware and ransomware attacks.

Keep all software up to date

All sorts of electronic devices can hold personal or financial data so it’s important to make sure you secure these devices with strong passwords and update the software regularly.

Companies fix any weaknesses by releasing updates. You should always make sure to install the latest software updates to protect your devices from vulnerabilities. Take some time to review your security settings on all your devices and make sure you’re protected against the latest threats.

Small Business Guide

The NCSC’s Small Business Guide and Small Charity Guide includes simple steps you can take to protect yourself and your business from cyber security risks. Doing these steps will significantly increase your protection from the most common types of cyber crime.

By proactively addressing the cyber security in your organisation, you can enjoy the holidays knowing you have minimized any potential risks.

Who to contact for support

Organisations looking for support and advice can call the free Cyber Incident Response Helpline. This helpline can support organisations that have been a victim of an attack and provide expert guidance to get back to secure operations.

Call the helpline on: 01786 437 472

You can report cyber crime to Police Scotland by phoning 101

Five ways to keep your personal data safe from hackers this Cyber Monday

New research reveals that nearly half (49%) of UK adults have not installed or didn’t know whether their mobile phone has security software. So keeping personal data safe from hackers has never been more important. 

In the wrong hands, stolen data can be used by hackers for illegal activity such as applying for loans or credit cards under a victim’s name, or bank accounts being accessed and money withdrawn.  

To help keep data safe, leading insurance provider, Insurance2go, shares five ways mobile phone users can help to protect personal data stored on their device.

  1. Be cautious of public Wi-Fi 

Using public Wi-Fi is great for those who have a low data allowance, or are running out of mobile data. However, public networks often don’t provide a secure connection, making it easy for hackers to use them to access personal data.  

Hackers targeting public Wi-Fi hotspots are able to use what is known as a ‘man-in-the-middle’ attack, which is when a hacker intercepts financial information, passwords and log-in information through a public network.  

Always avoid using mobile banking apps or making online purchases whilst logged onto a public Wi-Fi network. For those who do need to use public Wi-Fi, use a Virtual Private Network (VPN) app. A VPN can protect data from getting into the wrong hands by encrypting online data and keeping personal information secure when using a public Wi-Fi connection.  

  1. Turn off ‘sharing’ settings when not in use 

Smartphone features that share a location should be used with caution and always turned off when not in use. Features such as Bluetooth, Wi-Fi, location services, mobile data and Near Field Communication (NFC) are susceptible to hacking, especially Bluetooth location services as they transmit a device’s location and presence. 

Hackers can easily get hold of personal information and data through features that mark a phone as ‘visible’, so always make sure to disable such features when they are not needed. 

  1. Only download legitimate apps 

Downloading illegitimate apps is another way to open your personal data up to hackers. Often, apps hosted on some websites or third-party app stores can contain malware and can access data once downloaded. It’s recommended that users only download apps from the official app stores, so App Store for iOS users, Google Play for Android users or the AppGallery for Huawei owners. 

  1. Be wary of app permissions 

When an app is first downloaded, it often asks for ‘permission’ to access certain features or information held on a mobile phone. From the camera roll, to your speaker, location or phone contact list, apps can ask for a range of permissions in order for certain functions to work.  

Be cautious of what information an app is requesting access to and question whether the app actually needs that information. For example, a photo editing app doesn’t need contact list information in order to function correctly, so take the time to properly think about whether or not that information is needed. 

Viral video app, TikTok, recently came under fire for security issues in the US, with reports claiming that the Pentagon warned U.S. military personnel in January to delete TikTok from their phones and India, last month, banned Tik-Tok amongst other apps, over security and privacy concerns so it’s always important to review what permissions are being asked for by an app. 

  1. Avoid using auto-login 

Whilst it’s recommended to have a variety of passwords for online accounts rather than the same password, auto-login gives hackers easy access to personal data by simply opening up an app or webpage. For those likely to forget multiple passwords, note them down in a secure, password protected note on a phone, or in a notebook that is kept secure and stored away. 

And it’s not just using your mobile phone that can open your personal data up to hackers. What happens if your mobile phone is lost or stolen? Insurance2go  shares some useful tips for people who might find themselves in this scenario and want to keep their personal data safe: 

  1. Firstly, report the phone as missing to the network provider, who can suspend or disconnect the service to the phone. This can help stop any authorised use of the phone if it falls into the wrong hands. 
  1. If the mobile phone is known to be stolen, inform the police who will be able to provide a crime number, which can be used if the user needs to inform an insurance provider.    
  1. Most smartphones now have a built in ‘kill switch’, which can allow a user to remotely deactivate a device if it’s lost or stolen. In order to work, the feature needs to be enabled. For iPhone users, the ‘Activation Lock’ can be enabled within the‘Find My’ app to help keep data safe. Firstly, go to the‘Find My’app > Tap thedevices tab and choose which device is lost or stolen, then tap Activate under ‘Mark as Lost’and follow the prompts on screen. Android users can enable the kill switch with ‘Find My Device’. Go to Settings >Google>Security, then turn on ‘Remotely locate this device’and ‘Allow remote lock and erase’
  1. Finally, immediately change passwords for any accounts or apps that can be accessed on the mobile phone. Prioritise any important accounts first, such as online banking and other associated accounts. 

Richard Gray, Head of Marketing and Digital, at Insurance2go said: “Our mobile phones are home to lots of stored data and without correctly protecting your personal information, it could easily land in the wrong hands. 

“‘SIM-jacking’ is a common method where hackers are able to use stolen data to obtain a Porting Authorisation Code (PAC). This can then be used to switch the victim’s phone number to another phone on another network, helping them gain access to a range of personal data and information, often including banking details. 

“Protecting data stored on a mobile phone is extremely important. Hackers are often creating new ways to get a hold of our data, so we hope that by sharing our tips, we can help people avoid getting caught out by fraudsters.” 

To find out more about VPNs and how to protect data whilst on a public Wi-Fi, please visit: https://www.Insurance2go .co.uk/about/news-blog/blog/everything-you-ve-ever-wanted-to-know-about-vpns 

The Big Data Show: young people learn cybersecurity through interactive drama

A ground-breaking interactive show for young people which uses real-life gaming to explore cyber security.

www.civicdigits.com

 

The Big Data Show (TBDS) is a ground-breaking immersive experience for young people (S1) weaving theatre and gaming together to explore cyber security and data citizenship.

It is about cyber resilience and being a citizen in the digital age. It is about knowing who knows what about you, what you are ‘agreeing’ to when you download an app, how to live with the challenges of social media…and it’s a lot of fun.

It is also a drama about the first prosecuted cyber hack in the UK. Co-written by internationally acclaimed playwright Clare Duffy and Rupert Goodwins, one of the young hackers involved in gaining access to Prince Philip’s BT email in the 1980s, and now a technology journalist.

Kate Forbes MSP, Minister for Public Health and Digital Economy, Scottish Government said: “The Big Data Show supports the Scottish Government’s ambitions to raise the public’s awareness of cyber threat.

“Not only does it help ensure young people are clued up about the risks associated with sharing data online but it also gives them the valuable chance to learn about careers in cyber security.”

“The Big Data Show plugs very acutely and vividly right into the Scottish Government’s ambitions to raise the public’s awareness of cyber threat.”

– Daniel Sellers, Cyber Resilience Scottish Government.

The Big Data Show will open at Perth Theatre in June 2020 and move to the Royal Lyceum Theatre Edinburgh – with plans to then tour the North of England.

The performances in June and July, which are solely for schools, are supported by advance workshops in the spring and followed up with workshops in the autumn. Booking for the whole project opens in September 2019.

The Big Data Show uses live performance, bespoke mobile gaming and digital tricks delivered to audience members’ handsets, inspiring greater understanding and engagement with our future as ‘digital citizens’ in the 21st century.

The gaming technology involved has been developed and produced by Dundee-based studio Orthrus.

Having already developed and rigorously tested the control system and digital assets with a prototype version of the project and evaluated the learnings, Civic Digits Theatre Company is ready to bring the full version to schools across the UK in 2020.

“The whole premise of using a phone to talk about online security was brilliant. The pupils were hooked.” – Sarah Macdonald, Drama Teacher, Community School of Auchterarder (Phase 2 feedback)

Outcomes of The Big Data Show and its workshops include: 

  • S1 pupils have a greater understanding of the social, cultural and political implications of our relationship with data and digital technology, particularly including cyber bullying and questions about privacy.
  • S1 pupils have a greater understanding of the potential of data and digital technology as opportunities for creativity;
  • S1 pupils feel excited about theatre as a 21st Century storytelling medium.
  • S1 pupils are inspired to think about careers in data and cyber security.

Pupils “became much more aware of the amount of data gathering going on in the background without them giving explicit permission and this was a shock to them.” Mrs Hollas, Drama Teacher, Perth Academy.

The Big Data Show has been shown to improve participants’ data literacy via quantitative evaluation carried out by Dr Alasdair Rutherford at Stirling University.

All participating schools will also receive CPD (continuing professional development) sessions and access to a teachers’ pack to support the cross-curricular learning promoted by this project.

“The Big Data Show took young people through a powerful process of experiential learning. The ‘shock factor’ created by the show encouraged young people to critically reflect on the data they are sharing with tech companies and the potential personal consequences.” Liz Green, YouthLink Scotland

“It is a really important topic, that’s not being explored enough in ways that pupils are willing to listen, the whole premise of it, using their own phones, they were hooked. I liked the fact that you used tech to talk about tech, very collaborative and all the surprises!”

“I’m really looking forward to seeing the whole project taking off. It’s going to be fab. I’m really passionate about this.”  Drama Teacher, Perth and Kinross

The Big Data Show by Clare Duffy and Rupert Goodwins is produced by Suzy Glass for Civic Digits, with co-producers Perth Theatre at Horsecross Arts and Unlimited Theatre.

It is funded by Creative Scotland, Scottish Government and the Garfield Weston Foundation.

Diverse group of participants get cyber security taster

Link-up between Scottish Government, Edinburgh Napier and charities increases awareness of career opportunities

 

A diverse group of participants have received an insight into the cyber security industry thanks to a new link-up between the Scottish Government, Edinburgh Napier and two leading charities. Continue reading Diverse group of participants get cyber security taster

Edinburgh Napier: Le Tour de Hack cyber event is coming to town

Students and young professionals join to shine spotlight on cyber security

Students and young professionals will get the chance to test their cyber skills when a leading industry event returns to Edinburgh next month. Continue reading Edinburgh Napier: Le Tour de Hack cyber event is coming to town

I Spy: GCHQ and National Cyber Security Centre certify university course

EDINBURGH Napier’s work to train the next generation of cybersecurity experts has been endorsed by the Government organisation aiming to make Britain the safest place to work and do business online. Continue reading I Spy: GCHQ and National Cyber Security Centre certify university course

Europe’s first blockchain research facility to drive innovation

Blockpass IDN, the blockchain-based identity application provider for regulated services and the Internet of Things (‘IoT’), is pleased to announce that it has opened the Blockpass Identity Lab (‘BIL’ or the ‘Lab’), a pioneering new blockchain research facility, in collaboration with Edinburgh Napier University.

The research laboratory, built at Edinburgh Napier University’s Merchiston campus, is part of a £600,000 collaboration between the two organisations. Continue reading Europe’s first blockchain research facility to drive innovation

Scotland encouraged to take part in Cyber Awards

People from Edinburgh working to better the country’s approach to cyber security are being urged to apply to the Scottish Cyber Awards – with the application deadline looming. To reflect the indiscriminate and nationwide cyber threat, it is being hoped that the awards – now in their third year – will be the biggest and most diverse to date.  Continue reading Scotland encouraged to take part in Cyber Awards

Talking about a revolution

Conference will take cyber security expertise around the planet

School of Computing SoC lab

Edinburgh Napier University is to launch a global cyber security event which features expert speakers in six different time zones. The focus of ‘Cybersecurity Revolution’ will move from Scotland to Canada, then back to Europe via South America and the Far East, using the power of the internet to showcase cutting edge research as it follows the sun for 24 hours. Continue reading Talking about a revolution