Sharing our learnings to help others
On 24 December 2020, SEPA was subject to a serious and complex cyber-attack, displaying significant stealth and malicious sophistication.
SEPA worked closely with Scottish Government, Police Scotland, the National Cyber Security Centre (NCSC) and the Scottish Business Resilience Centre (SBRC).
Sharing our learnings to help others
We voluntarily commissioned reviews from independent experts to help:
- Ensure that SEPA further enhances its cyber security as the organisation builds new systems and practices.
- Allow others to learn from SEPA’s experience to help better protect themselves from cyber-crime.
We published as much of the reviews as possible, supporting Police Scotland and Scottish Business Resilience Centre's to support organisations to be cyber ready, resilient and responsive.
- SEPA: Response and recovery from a major cyber-attack
- Azets: SEPA Internal Audit Report 2020/2021 Cyber Attack – Response
- Azets: SEPA Internal Audit Report 2020/2021 Cyber-Attack – Lessons Learned
- Police Scotland: Cyber-attack response debrief
- Police Scotland: Cyber-attack response debrief management response
- Scottish Business Resilience Centre: SEPA cyber preparedness review
Further information
Cyber security advice:
- Protecting yourself against cybercrime - Police Scotland
- Cybercrime Harm Prevention Guidance from Police Scotland
- Register for the ‘Exercise in a Box’, a free, 90-minute non-technical workshop, from the Scottish Business Resilience Centre
- Scottish Business Resilience Centre helpline for Scottish organisations in the event of a cyber-attack
- Cyber security advice for businesses, charities and critical national infrastructure with more than 250 employees
- Cyber security advice for businesses, charities, clubs and schools with up to 250 employees