SBRC to administer NCSC training across Scotland

The Scottish government has awarded the Scottish Business Resilience Centre (SBRC) a £500,000 contract to extend cyber resilience training – in the form of the National Cyber Security Centre’s (NCSC’s) Exercise In A Box programme – to more than 250 organisations across Scotland that have been deemed particularly vulnerable.

The training is being targeted at public and third sector health, housing and social care organisations providing vital services to millions of people, and will be run in both online and in-person formats. The training exercises include dealing with mock scenarios such as third-party software compromises, ransomware attacks and sensitive data leaks.

The SBRC said organisations in Scotland had been subjected to a number of disruptive, large-scale cyber attacks in recent years, exacerbated in particular by the Covid-19 pandemic and, more recently, the war in Ukraine.

“There is no denying that the ongoing pressure facing everyone from a cyber perspective has increased massively in recent years. Just as we see one organisation recover from the grips of a cyber incident, another is targeted,” said SBRC CEO Jude McCorry.

“It is also now believed that cyber criminals have targeted more than three-quarters of public sector organisations and, closer to home, we have seen this play out with a number of disruptive large-scale attacks already in Scotland.

“We don’t want to see more Scottish organisations fall victim to these attacks, and that is why upskilling and awareness programmes continue to be so vital,” she said.

Justice secretary Keith Brown of the SNP added: “We have all seen the devastating impact of an organisation falling victim to a cyber-related incident, so extending training to make more people aware of the risks is absolutely crucial.

“The Scottish Government is committed to ensuring Scotland leads the way in cyber resilience and security. This extended training will help many more organisations to stave off the threat of an attack, and protect against disruptive and costly data breaches.

“The workshops provide practical guidance to mitigate or respond to hostile cyber attacks. I would urge eligible organisations to take up this opportunity to ensure they are protected.”

Joseph Carson, ethical hacker, chief security scientist and advisory CISO at Delinea, said the benefits of grants such as these including opening the doors to the sort of security budget that is typically unavailable to many.

“It is truly great to see the Scottish government setting an example by taking the initiative to help educate multiple public services, health, housing and social care bodies to best prepare them for very real and somewhat probable cyber attacks, helping more businesses aim to hit the cyber essentials five security controls,” he said.

“Grants like these are an essential step to encouraging smaller organisations to strengthen security awareness and business resiliency against the ever-increasing cyber threats, where the budget wouldn’t necessarily always be available.”