CYBERCRIME CRISIS
12 online attacks on public bodies this year but SNP won’t even say which ones ...or if YOUR data was stolen
SCOTLAND is in the grip of ‘cyber warfare’, with public bodies suffering a record number of attacks this year.
Since the beginning of 2021, 12 cyber attacks have been reported to the Scottish Government by public bodies.
It is the highest number in any year since the figures started to be compiled following a 2017 attack on 11 Scottish NHS boards which paralocal lysed computer systems and led to some appointments and pro- cedures being cancelled.
But the Government yesterday refused to say which public sec- tor bodies had been attacked and whether any personal data was compromised.
The 12 cyber attacks happened in the period to October 13, which means the number for 2021 is already higher than the previous record of 11 last year. In 2019, only one such attack was reported, as well as four in 2018.
Miles Briggs, Scottish Tory government spokesman, said: ‘It is obviously deeply concerning that we have seen this record number of cyber attacks on public bodies in Scotland. Sadly this is a global pattern of cyber warfare we are now seeing, and Scotland’s public sector is facing this.
‘One of the key questions I’ve been asking is whether people’s private data has been compromised by these attacks.
‘It is obviously an increasingly important and pressing issue that our public services face. It is only a matter of time, if we don’t invest, (before) we could see a really serious breach like we saw with the NHS four years ago.
‘Although this Government has put in place a reporting mechanism, I am not sure what they are doing on a preventative mechanism to make sure all public bodies are treating this as a really serious potential threat to their operation but also the data they hold on private individuals.’
He urged the Government to name the organisations which faced the attacks and to clarify whether any personal data had been accessed.
But ministers last night refused to name the affected bodies.
The Scottish Environment Protection Agency (SEPA) proactively announced that it suffered a ‘serious and complex cyber attack which has significantly impacted our contact centre, internal systems, processes and communications’ on Christmas Eve last year.
Terry A’Hearn, chief executive of SEPA, said: ‘Following a serious and significant cyber attack on Christmas Eve, likely by international serious and organised criminals, SEPA has worked to a clear recovery strategy with the Scottish Government, Police Scotland, the National Cyber Security Centre and the Scottish Business Resilience Centre.
‘We were clear that we would not use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds, and Police Scotland has been clear that “SEPA was not and is not a poorly protected organisation”.
‘Whilst within the confines of a live criminal investigation, we have been vocal and transparent on the criminal attack, the theft and illegal publication of data, the impact on our services and progress towards our recovery.
‘Sadly, as we’ve seen from daily attacks, including the Irish health service and Weir Group, cybercrime is an increasing challenge.’
The Government introduced its cyber incident reporting system in December 2017, which also allows Police Scotland and the National Cyber Security Centre (NCSC) to be notified.
A Government spokesman said: ‘In the last three years we have been informed of 28 public sector cyber security incidents, with the majority not being regarded as serious enough to require national coordinated support.
‘We continue to work closely with Police Scotland and the NCSC to ensure Scotland is resilient to cyber threats.
‘In the public sector, we have a cyber incident notification process with Police Scotland and the NCSC to provide support and share threat intelligence where required.’