COVER STORY Continued from Page 27

to directly access a network and mount a cyber-attack. However, we found that the ma-

jority of compromised accounts be- longed not necessarily to employees of the organisations – but the users of external services, for example citizens accessing NHS jobs sites or council wifi. In those scenarios the risk levels are not thought to be as high, as it is unlikely those users would have the administration privileges to cause severe network disruption. Te revelations come at a time of

heightened tension for public sector digital teams, particularly across the NHS, as a recent ransomware attack – again by the Conti group – on the health service in Ireland has illustrated.

Deryck Mitchelson, director of digital and security for NHS National Services Scotland (NSS), said: “We are aware that a number of NHS Scotland credentials have been leaked on to the dark web. Tis is an issue that impacts organisations across the public and private sectors. “Te NHS is the largest employer

in Scotland. Given the size of our workforce – and the number of former employees – the proportion of credentials available on the dark web is low. “We note that a large number of

these leaked credentials are out-of- date. Many include email addresses

No system is perfect but

we can reassure everyone that we are continuing to apply and improve the highest standards of data governance

Deryck Mitchelson, director of digital and security for NHS National Services Scotland


such as that are no longer active. “Tis reflects our robust and

proactive approach to data protec- tion and information governance. We constantly monitor threats and work with partners to mitigate against those threats. “Our cloud-based digital solu-

tions are designed to provide the highest standard of data assurance. External partners are also required to evidence robust data protection policies and practice and to commit to working with us to continually drive improvements in these areas. “Where data has been leaked, it

often relates to third-party sites, such as recruitment sites, where no pa- tient or clinical information is held. “No system is perfect but we

can reassure everyone that we are continuing to apply and improve the highest standards of data governance. We also hold all of our suppliers and partners to that same standard.”

Councils were also among the organisations whose employees and users’ credentials were leaked on the dark web. In response to our research,

Edinburgh, Glasgow and Fife coun- cils underlined the importance they place on cyber resilience and secu- rity and stressed that they follow official national cyber guidance. A Glasgow City Council spokes-

person said the security team within its IT provider “reviewed the information received and have con- cluded that there is no risk to any sensitive data associated with this”, and that it had two factor authenti- cation (2FA) in place. A City of Edinburgh Council

spokesperson added: “Cyber resil- ience and security are crit- ical to the council and our IT partner, CGI. We apply a robust ap- proach and processes in line with Govern- ment and National

Cyber Security Centre (NCSC) guidance to

Picture: Supplied/ NHS

National Services Scotland

Tools shine a light on threats

Kela’s RaDark tool was also deployed to simulate the reconnaissance path used by hackers to scan a network for vulnerabilities based on its “attack surface mapping” capabilities. To find the best “vector” for an attack, cybercriminals will often look for outdated technologies or open ports to find their way in. According to Kela’s analysis

across the public sector domains, it found “multiple potential compromise points”, including exposed remote access services that could enable an attacker to access and further compromise a network, and outdated web technologies whose “inherent vulnerabilities could lead to an attack on the organisation’s website”. David Carmiel, Kela’s chief

executive, said: “Nowadays, every organisation – private or

keep our networks and systems as safe and secure as possible. “Whenever our monitoring ar-

rangements or intelligence from external sources identifies possible issues, we act quickly and decisively to address them and apply further improvements or learning for our future security arrangements.” Martin Kotlewski, Fife Council’s

service manager (solutions and service assurance), said: “We take the threat of cyber-attack seriously and follow government and NCSC guidance to manage our cyber resilience. Tis includes monitor- ing various intelligence sources and acting upon any emerging threats. “As the third largest council in Scotland it is normal to have a

government, small, medium, or large, is constantly at risk due to the ever growing cybercrime ecosystem. “Cybercriminals continually

search for new opportunities to achieve one simple goal: monetise the data they obtain. The reason we do what we do at Kela is to provide our clients with ongoing visibility into their attack surface so that they can neutralise their most relevant cyber threats before damage is caused. “By doing so, we are essentially helping our clients uncover the unknown cyber threats that they are constantly facing. Our mission is to successfully take away the fear of those unknown threats by automatically penetrating the hardest-to-reach corners of the cybercrime underground and turning general data into unique, contextualised and actionable intelligence relevant to each client.”

proportionally higher number of events detected. Staff are provided with guidance around choosing se- cure passwords and the importance of not re-using them across internet sites. Strong passwords are only part of a layered security approach, and the council has mandated the use of multi-factor authentication for remote access since 2011.” Providing a broader perspective

Andy Grayland, chief information security officer at the Digital Office for Scottish Local Governnment, said: “Security and IT professionals have known for some time about the risks associated with username and password data leaks on the dark web and wider internet. “Tese leaks have driven the

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36