Ransomware is helping make the cyber threat real

The Scottish government is working to help businesses understand and manage the cyber security risk

Ransomware is helping make the cyber threat real, according to Keith McDevitt, cyber resilience integrator, Scottish government.

“Ransomware has come along and kicked people right in the face, and now they are taking action because it’s real. They have either felt the impact directly or they know of someone who has,” he told The Cyber Security Summit in London.

McDevitt said that, from an early age, people understand the risk of crossing the road because they can see the big red bus bearing down on them and it is instinctive to step back to safety.

“But when it comes to cyber, they need to assess the risk of something they cannot see, feel, smell or hear. This abstract threat means very little when you can’t understand it,” he said.

McDevitt is part of the Scottish government’s initiative that complements the UK Cyber Security Strategy and is aimed at taking a local approach to raising awareness about cyber risks, how to mitigate them and how to ensure greater cyber resilience, particularly among the owners of small businesses that make up 99.4% of the private sector in Scotland.

“It is difficult to manage a risk that you can’t describe, which is what small businesses are up against,” he said, adding that the Scottish government’s emphasis is on resilience rather than security.

“Security is negative and a turn off for many people, which is why we believe the focus should be on the ability to adapt to, withstand and recover from cyber attacks,” said McDevitt.

To do this, he said, the Scottish government is working to develop citizens’ knowledge, skills, understanding and awareness of the risk, and their ability to then take steps to defend and recover.

“Engaging people in a language they understand in a very positive way is part of the solution, in our view, because there is so much negativity,” said McDevitt.

“Businesses are looking for the ‘good news stories’ about other businesses in the same line of business who have got it right.”

The reality in Scotland, he said, is that most of the small businesses are very small and most of their owners have not heard of the UK government’s Cyber Essentials Scheme (CES), 10 Steps to Security guide, or Cyber Streetwise campaign.

“This demonstrates that there is an issue about the message and the communication. There is an issue about very busy people who live in the real world, and sometimes we just need to get grounded on this,” said McDevitt.

Because Scotland wants to do business online and the government sees online business as the future, he said, it is essential that those businesses operating online are doing so “with their eyes wide open”, especially small businesses that are typically at the forefront of innovation.

“We need to talk to business in a much more enabling way, including the benefits of getting it right,” he said. “The reality is that this is a business risk, and businesses are used to managing risk, but they need help in understanding what the real risk is.”
