Pat McFadden: Cyber attacks are “wake up call” for businesses

Pat McFadden, Chancellor of the Duchy of Lancaster, will set out what action the government is taking to improve cyber security in a speech next week

  • Pat McFadden led briefing with national security officials and National Cyber Security Centre CEO on Friday about support being provided to retailers
  • He will use keynote speech at CyberUK to say “companies must treat cyber security as an absolute priority”
  • Comes as National Cyber Security Centre works closely with affected organisations to provide expert advice and support 

In the wake of a wave of cyber attacks on retailers, Pat McFadden will set out what action the government is taking to improve the country’s cyber security in a speech next week, as the government secures Britain’s future through the Plan for Change.

Recognising the impact such attacks have on working people as they go about their daily lives, the Chancellor of the Duchy of Lancaster will highlight moves to “bolster our national defences” including through the Cyber Security Bill.

It follows a briefing he led with national security officials and NCSC CEO Richard Horne on Friday about the recent hacks and expert support being provided to retailers.

In the keynote speech at the CyberUK conference in Manchester next week, the Chancellor of the Duchy of Lancaster will say: “These attacks need to be a wake-up call for every business in the UK.

“In a world where the cybercriminals targeting us are relentless in their pursuit of profit – with attempts being made every hour of every day – companies must treat cyber security as an absolute priority.

“We’ve watched in real-time the disruption these attacks have caused – including to working families going about their everyday lives. It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work. We have to treat our digital shop fronts the same way.”

The National Cyber Security Centre (NCSC) is working closely with organisations that have reported incidents to them to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

They’re also urging leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.

In his speech next week, Pat McFadden will encourage firms from all sectors to consider what cyber protections they have in place.

In a message to business leaders across the UK, he will say: “We are ready to support you. The National Cyber Security Centre is standing ready to support businesses and provide advice, and guidance, on how to raise the cyber security bar.”

Pat McFadden will set out the action the government is taking to boost the country’s cyber protections. He will say: “We’re modernising the way the state approaches cyber, through the Cyber Security and Resilience Bill. That legislation will bolster our national defences.

“It will grant new powers for the Technology Secretary to direct regulated organisations to reinforce their cyber defences It will require over 1,000 private IT providers to improve their data and network security.

“It will require companies to report a wider array of cyber incidents to the NCSC in the future – to help us build a clearer picture of who, and what, hostile actors are targeting.”

Last month (April) the government launched a Cyber Governance Code of Practice. This is a package of measures which shows boards and directors how they can manage digital risks and protect their businesses and organisations from cyber attacks.

It covers a range of areas, including having robust cyber strategies in place, promoting a culture in workplaces so all employees are aware of the potential cyber risks they could face in their daily work, and having incident response plans in place which will mean organisations can respond quickly to cyber incidents as they occur.

Small businesses looking to strengthen their online defences are also encouraged to engage with the NCSC’s Small Business Guide, which provides quick and easy actions to help bolster their defences and support through the Cyber Local scheme, which provides tailored funding to boost regional cyber skills.  

The National Cyber Security Centre is working with a number of major UK retailers who have been affected by recent incidents.

NCSC CEO Dr Richard Horne said: “The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.

“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

Public urged to protect themselves from online sales scams

The UK government has urged the public to protect themselves from online sales scams through five actionable steps.

The public must be vigilant in protecting themselves from the threat of online scammers during the Boxing Day sales, the Government has urged today (26 December) after a year which saw a record number of cyber attacks and online scams.

Reports to Action Fraud, the national reporting centre for fraud and cyber crime, reveal that almost 100,000 people in the UK have fallen victim to online shopping fraud in the past 13 months – with over £60 million being reported lost, leading to this call to action for the public to take five simple steps to protect themselves and their families from fraudsters.

Traditionally, Boxing Day marks one of the busiest days on the high street for retailers, however in recent years more people have been shopping online – with Barclaycard estimating £2.7 billion was spent online by UK shoppers on Boxing Day 2020, an average of £162 per shopper.

The National Cyber Security Centre (NCSC) is encouraging people to shop online securely by following five actionable steps:

  1. Keeping accounts secure – strong and separate passwords should be used for the most important online accounts, including email, banking or payment accounts (such as PayPal). The NCSC recommends using three random words to create a password. Turning on two-step verification can add an extra layer of protection.
  2. Be aware of emails, text messages or websites that look too good to be true or suspicious – many scammers set up fake messages designed to steal financial and personal information. Members of the public can report suspicious messages to the NCSC via text to 7726 and email to report@phishing.gov.uk.
  3. Choose online retailers carefully – research stores before buying to confirm they are legitimate through trustworthy consumer websites. Some emails or texts about amazing offers may contain links to fake websites. If unsure, don’t use the link.
  4. Use a credit card for online payments if possible – most major credit card providers protect online purchases, and are obliged to refund individuals in certain circumstances.
  5. Only provide enough details to complete a purchase – only fill in the mandatory details on a website when shopping online (often marked with an asterisk).

Chancellor of the Duchy of Lancaster and Minister for Cyber Crime Steve Barclay said: “With a record number of cyber attacks this year, it is crucial we all take some steps to keep ourselves and our families safe from scammers while shopping online, particularly in the Boxing Day sales which have become a firm favourite for fraudsters.

“In the past year, government and police action has seen numerous convictions on cyber fraud, and we should all play our part to stamp out this terrible crime that can ruin lives.”

Paul Maddinson, Director of National Resilience and Strategy at the NCSC said: “Scammers will use any opportunity to try and trick the public and businesses into parting with their money so it’s really important that we all know how to protect ourselves.

“Whilst scams can be convincing, there are practical steps you can take to avoid falling victim to cyber crime which can all be found on the NCSC’s website.”

This warning against online scams comes alongside growing concern about the vulnerability of people’s personal technology. Hackers are targeting individuals’ applications and email accounts, gaining access to personal and financial information and exposing individuals to considerable risk.

As people receive new laptops and smartphones over Christmas, the risks are magnified. The government is also encouraging individuals to ensure that any new devices are protected to keep personal and financial information secure from hackers.However, these dangers are easily avoidable by adopting two key Cyber Aware behaviours:

  • Turning on two-step verification
  • Using three random words to secure your email accounts

For further guidance on how to stay secure online, visit www.cyberaware.gov.uk

Scottish schoolgirls succeed in UK cyber security competition

Pupils at nine schools in Scotland have been successful in reaching the semi-final stage of the 2021 CyberFirst Girls Competition, run by part of GCHQ.

Girls in Scotland have demonstrated their digital skills and codebreaking prowess by seeing off competition from thousands of rivals in the UK’s flagship cyber security contest.

Pupils at nine schools in Scotland have been successful in reaching the semi-final stage of the 2021 CyberFirst Girls Competition, run by the National Cyber Security Centre (NCSC) – a part of GCHQ.

More than 6,500 girls nationwide entered this year’s qualifying round, with teams from more than 600 schools tackling online cyber security puzzles for a chance to be named local champions and progress to the UK Grand Final.

The highest scoring teams will next take on their rivals in semi-finals in Northern Ireland, Scotland, Wales and English regions. Schools that have already accepted their place in the virtual semi-final include: Hyndland Secondary School in Glasgow and Carluke High School in Carluke.

The NCSC is highlighting the strong nationwide participation in the contest and the success of semi-finalists today on the International Day of Women and Girls in Science.

The CyberFirst Girls Competition is aimed at girls aged 12 to 13 starting to think about what subjects to take for their initial qualifications and its ambition is to inspire them to consider a career in cyber security – an industry where women are still under-represented.

NCSC Deputy Director for Cyber Growth, Chris Ensor said: “On International Day of Women and Girls in Science, we’re pleased to say that thousands of girls came forward to compete in this year’s CyberFirst Girls Competition and we congratulate the top teams which now go forward into the semi-finals.

“These girls have opened the door to what could one day be an exciting and rewarding career, where more female representation is undoubtedly needed.

“We owe a special thanks to teachers who encouraged pupils to take up this fun opportunity to engage with – and hopefully be inspired by – cyber security.”

Digital Infrastructure Minister Matt Warman said: “It is marvellous to see so many girls showing an interest in cyber security and well done to those who made it to the next round.

“The cyber security industry needs talented people and I hope everyone who took part had fun and felt inspired to consider an exciting career cracking codes, disrupting cyber attacks and protecting our online spaces.”

UK Government Minister for Scotland Iain Stewart said: “The UK Government is proud to be working with Scottish schools to support girls into cyber security.

“This competition is a great opportunity for girls right across the UK to learn together and develop digital skills for a 21st century workforce.

“Best of luck to the Scottish pupils who have worked incredibly hard to get this far.”

Since launching in 2017, more than 37,000 girls have taken part in the CyberFirst Girls Competition.

This year’s semi-final rounds will take place simultaneously on Friday 19 March in Northern Ireland, Scotland, Wales, and five English regions: the North of England, Central England, the South West, the South East and London.

Deputy First Minister John Swinney said: “The CyberFirst Girls Competition is a fantastic opportunity for girls to develop new skills and get a taste of just how rewarding a career in cyber security can be.

“Good luck to all those taking part this year.”

The challenges, covering cryptography, logic and networking, will be set by the NCSC with input from cyber security industry partners. The winners of these events will earn their place at the Grand Final in April, where the UK champions will be crowned.

More information about the competition can be found on the NCSC’s website

CyberFirst Girls Competition

CyberFirst Girls Competition 2021 banner: The story starts with you.

Registration for the CyberFirst Girls Competition 2021 is now open.

The National Cyber Security Centre is working hard to get more girls interested in a career in cyber security. The CyberFirst Girls Competition provides a fun but challenging environment to inspire the next generation of young women to consider a career in cyber security.

The competition is a team event, with each one made up of 4 female students from Year 8 in England and Wales, Year 9 in Northern Ireland and S2 in Scotland.

It consists of three distinct phases:

  • the online qualifying round to identify the top teams in each home nation and English region
  • the semi-final where teams will battle it out in their areas to qualify for a place in the Grand Final
  • the Grand Final where the top ten teams drawn from the regions in England, and from Wales, Scotland and Northern Ireland will gather to compete for the title of UK CyberFirst Girls Competition Winners.

Whatever your ability, from beginner to expert, the CyberFirst Girls Competition is an opportunity to learn something new about cyber security.

2021 Girls Competition key dates:

30th November 2020 – team registration opens

1200 (noon) 25th January – 1200 (noon) 3rd February 2021 – online qualifying round

12th March 2021 – Home nations and English regions semi-final

26th April 2021 – Grand Final

We will be sticking to the same format as last year which seeks to encourage and recognise participation from all parts of the UK, whilst making some changes to ensure the competition can run in a Covid-secure way.​

To begin with, there will be an online qualifier round lasting 10 days, followed by a semi-final round and a Grand Final.​

The content for each category of the competition is consistent with subjects within the Computer Science syllabus from both the National Curriculum and Scotland’s Curriculum for Excellence.

However, the competition will contain some advanced cyber topics that are not covered in traditional education but will seek to stretch the lateral thinking and additional cyber knowledge of the teams.


What you need to know:

  1. Teams can … register now! Registration opened on 30th November, and stays open until the qualifier closes on 3rd February 2021. We would recommend registering ahead of the online qualifier though. 
  2. Teams are……made up of up to four female students in Year 8, S2 or Year 9 (NI).​
  3. Teams need……to be supported by a responsible adult appointed by the school who is aged over 18 years and who can act as the team guardian.​
  4. Team guardians……do not need to have any cyber knowledge or be an IT or computer science teacher. Their role is to register the teams and facilitate access to the competition.​
  5. Schools can……enter as many teams as they like if they fit the qualifying criteria (see above).
  6. The semi-final round…..will take place during the school day.​ Students will need to be taken off the day’s timetable should they qualify.
  7. The Grand Final……will take place during the school day.​ Students will need to be taken off the day’s timetable should they qualify.

ACE: GCHQ recognition for University’s cyber security work

Edinburgh Napier named an Academic Centre of Excellence in new Government programme

Edinburgh Napier University is among the first in the UK to be recognised for its commitment to cyber security education under a new initiative from the National Cyber Security Centre (NCSC) – a part of GCHQ.

It is one of eight institutions named an Academic Centre of Excellence in Cyber Security Education (ACE-CSE) for delivering first-rate cyber security education on campus and promoting cyber skills in the community.

Edinburgh Napier was recognised with the initiative’s Silver award for its ambitious vision in the field.

The University already has NCSC-certified undergraduate and postgraduate programmes – BEng Cybersecurity and Forensics, and MSc Advanced Security and Digital Forensics – which underlines the value of the qualifications, and helps to attract high quality students from around the world.    

The newly-announced NCSC accolade will now see cyber security integrated into programmes across the wider university, and greater emphasis on engagement with external stakeholders.

Professor Bill Buchanan, from Edinburgh Napier’s School of Computing, said: “The work of the NCSC is key to the development of excellence in cyber security education and knowledge exchange. These new ACEs will not only work within their own university departments, but also spread cyber security collaboration across their institution.

“Moreover, they will support a core collaborative foundation around cyber security education and knowledge exchange within each of their geographical areas. This includes working with industry, the public sector, government agencies, colleges, and so on.

“It is hoped that the ACEs-CSE will develop as trusted fundamental building blocks for a safe, secure, resilient and enterprising country. The days of silos of knowledge have passed, and we all need to work together and share our knowledge.”

The ACE-CSE programme, led by the NCSC and the Department for Digital, Culture, Media and Sport, also recognised Abertay, Lancaster, Southampton, South Wales, Surrey, Warwick and the West of England universities in this first round of applications.

Chris Ensor, NCSC Deputy Director for Cyber Growth, said: “I am delighted we can now recognise the first tranche of universities as Academic Centres of Excellence in Cyber Security Education, complementing our existing programmes which recognise high quality cyber security research and degree courses.

“It is a testament to the continual efforts of academics, support staff and senior management that cyber security remains high on their agenda.

“We very much look forward to working with them over the coming years and strongly encourage other universities to work towards achieving similar recognition in the future.”

Digital Infrastructure Minister Matt Warman said: “The UK has some of the brightest minds in the world working in tech and it’s right we celebrate universities where so many people develop relevant and cutting-edge skills.

“We continue to work closely with academia to nurture the next generation of cyber security talent and I urge interested education institutions to apply for this recognition.”

How secure is your password?

  • National Cyber Security Centre’s (CSC’s) first ‘UK Cyber Survey’ shows 42% of Brits expect to lose money to online fraud
  • Breach analysis finds 23.2 million victim accounts worldwide used 123456 as password
  • Global password risk list published to disclose passwords already known to hackers
  • NCSC urges using 3 random words as passwords on the eve of CYBERUK 2019 event

Continue reading How secure is your password?