The Scottish Government promotes training to help safeguard organisations from cyberattacks - Yubico comments
August 2022 by Yubico
On Wednesday 3rd August, the Scottish government announced it had received a £500,000 grant dedicated to offering online and in-person cybersecurity workshops for more than 250 public-service and third-sector health organisations throughout the country. Additional beneficiaries will include public housing, social care bodies, and other related services, to ensure that they have better measures in place when facing online attacks and other emerging cybersecurity risks.
These workshops and training sessions are in response to the significant increase in disruptive large-scale cyberattacks targeting Scotland, with recent events such as the Russia-Ukraine conflict and the COVID pandemic reportedly worsening matters for the country.
Nic Sarginson, Principal Solutions Engineer at Yubico, commends the Scottish government on providing funds for this training and comments on the cybersecurity best practices that are required in addition: “With a significant number of Scotland’s public sector organisations facing targeted cyberattacks recently, it is imperative that more effective measures are put in place to match and even surpass the strength of modern cyberthreats. With the security of the general population and potentially lives at risk, spreading awareness and providing cyber-education programmes is very important.
“However, a lot of the difficulty with maintaining effective cybersecurity throughout the public sector is ensuring that internal login details are as secure as possible, as many organisations are overly dependent on the use of outdated methods such as passwords and usernames. As such, it can be challenging for staff to generate and manage passwords that are both easy to remember and complicated enough to avoid being compromised. Although better than having no security measures at all, two-factor authentication (2FA) and one-time passcodes (OTPs) are easily susceptible to many common credential-stealing tactics including man-in-the-middle (MitM) attacks, account takeovers, SIM swapping, and phishing – with major phishing attacks even occurring on the same day as the funding announcement.
“One cybersecurity solution that many within the public sector are implementing is multi-factor authentication (MFA) via hardware FIDO2 security keys. These devices combine phishing-resistant cryptography and hardware with a knowledge factor only known to the user to protect their corporate accounts. They also reduce the costs associated with employee and IT helpdesks, including the number one IT support cost – resetting user passwords. MFA FIDO2 security keys have been proven to be the most effective form of modern cyber protection and have even been recognised by prominent organisations including Google, Twitter, Salesforce, and the US Government.
“Organisations continuing to use weak or outdated cybersecurity measures can leave the public sector vulnerable to data breaches and employees resistant to new security practices. As the cyber threat landscape continues to evolve, educating public sector users on the importance of digital hygiene and current best practices is essential and should be ongoing. This, paired with the use of modern authentication solutions, can allow the public sector to benefit from a truly effective cybersecurity experience.”