Scotland’s central auditor has warned the country’s public sector about a rise in sophisticated malware attacks.
Audit Scotland has urged senior leaders in organisations to raise the profile of the issue and pointed to measures that can be taken to defend against the threat.
It said the dangers have increased with recent ransomware attacks on the Scottish Environment Protection Agency, the University of the Highlands and Islands and Ireland’s health service, and said the risks of cyber fraud have intensified with the Covid-19 pandemic.
Audit Scotland’s audit manager Dr Bernadette Milligan said in a blogpost that recent incidents have highlighted some key areas of improvement that boards should discuss with their technical experts.
These include the importance of back-ups, cyber incident response arrangements and exercising, and the National Cyber Security Council’s Active Cyber Defence measures.
Milligan also pointed to the Scottish Government’s Public Sector Cyber Resilience Framework as setting out standards that public bodies should be looking to achieve.
In February the Scottish Government published a strategic framework for cyber resilience that includes a ‘secure by design’ approach and a strong role for domestic companies in protecting the public sector.
Image from iStock, Ostapenko Olena
