UK public sector expenditure on digital defences is up 3,183 percent this year - from £6 million of contracts tendered last year to £191 million tendered this year, according to Tussell, a government contracts analyst quoted in the Times newspaper today.
Of that sum, £20 million is to be spent by the NHS on a new cyber-security unit - NHS Digital - which will use “ethical hackers” to look for weaknesses in the health service's defences. This makes the health service the third biggest public sector buyer of cyber-security.
Health chiefs say they will monitor the internet for incoming and emerging threats with a larger and stronger data security team to help hospitals that are in danger of being hacked, rather than waiting to be hit. The system aims to provide a national, near real-time monitoring and alerting service that covers the whole health and care system.
The move follows May's attack when a third of England's hospitals were hit by WannaCry, which led to criticisms of the NHS' disjointed response.
Speaking on the contract, Greg Day, vice president and security chief of EMEA Palo Alto Networks said: “Designating a Red team will mean weak spots could be hunted down faster. Opportunities for live cyber-security skills training of current teams on a cyber range-type test environment also should be considered more fully. However, detecting issues is only of value when you can action them quickly and effectively, which requires considerable resources especially for such a large and complex organisation like the NHS.
“Cyber-security leaders and their teams within NHS organisations need to be supported by much more automated and more efficient cyber-security solutions focused on prevention and aggressively reducing risks.
“It's important that the NHS creates a strong prevention culture that pervades the whole organisation rather than simply relying on an elite group of cyber-security fighters.”
Trevor Luker, director of security operations & threat intelligence at Mimecast adds: “An active and coordinated response is vital to ensure the cyber-resilience of the NHS.
“If the NHS can model their scheme on what other large organisations already have in place they should be able to get something working quite quickly.
However Luker warns, “The risk is that if the trusts have a central resource like this that they might de-skill their local resource pool to save on regional budgets. This in turn could lead to slower response to an incident, so in fact making the problem worse.”
Matt Lock, director of sales engineers at Varonis comments: “...given the impact of the WannaCry attack, one must also ask why it has taken them so long to create a SOC. The new centre must be a part of an ongoing effort to keep up with the latest attacks from extremely well-funded and experienced criminals intent on compromising the NHS system. A SOC is an important piece of the overall security posture for large organizations, but continuous improvement and advancements are critical parts of the equation.”