In a year where the UK’s National Health Service (NHS) has experienced the biggest ever breach of its network in the global WannaCry ransomware attack, the health service has decided to take action.
It has been announced that NHS Digital will invest £20 million in a cyber security team, which will be dedicated to protecting the NHS from cyber attacks, while enhancing the network’s cyber defence.
The investment, in part, will see the formation of an “ethical hacking” unit, which will probe the NHS network for any weaknesses, to identify where hackers might attack.
Commenting on this cyber security initiative, Rob Bolton, director and GM, Western Europe, at Infoblox said the “news that NHS Digital is investing in a devoted cyber security unit is incredibly welcome.”
“The healthcare industry is currently facing major challenges that require it to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands as well as regulatory requirements. Having a devoted team of ethical hackers will enable the NHS to identify, respond to, and remediate active threats much more effectively. This will allow the NHS to continue with its digital transformation with a renewed sense of confidence.”
Justin Coker, VP EMEA at Skybox Security believes this plan is a step in the right direction, however, the lack of readily available cyber security talent could be a major barrier to its implementation.
“With NHS funding already in short supply, a quick step-change in the evolution of their cyber capability is needed to help prevent more attacks similar to WannaCry. The thinking behind boosting the NHS’s pool of cyber security skills and harnessing the expertise of ethical hackers is certainly a great start, however, the NHS is going to be competing for the same talent, already in short supply, with other organisations, many with deeper pockets.”
>See also: NHS ‘will be hit by more cyber attacks’
“Regardless of their talent and availability to work for the NHS, these new cybersecurity experts will need to have tools that augment their existing talents, especially in visualising and pinpointing threats and vulnerabilities quickly and effectively in order to increase the resilience and cyber hygiene of the organisation by locking down their attack surface in a proactive modus operandi.”
“Analytics and automation of security operations will likely be the key to their success. As the NHS captures more and more patient data, they will have to deal with increasing reams of information and fewer people to manage the organisation’s networks. Analytics and automation will play a critical role by improving efficiency in the discovery and more importantly the prioritisation of the vulnerabilities that are putting the organisation most at risk. This will provide NHS teams context and guidance on exactly where to prioritise remediation efforts.”