25% of NHS trusts have zero staff who are versed in security
A quarter of NHS trusts in the UK responding to a Freedom of Information request have no staff with security qualifications, despite some employing up to 16,000 people.
On average, trusts employ one qualified security professional for every 2,582 employees, according to Freedom of Information requests submitted by penetration testing firm Redscan.
Trusts were asked about their cyber, information and data security spending and training, with 159 responding to at least one question.
It found that nearly one in four – 24 of the 108 who responded to this question – had no employees with security qualifications.
However, several of the NHS trusts were reported to have said they had staffers in the process of gaining relevant security qualifications.
This might suggest they recognise the importance of training, or that they struggled to recruit people with the qualifications – or perhaps that they were aware of how the numbers would look amid concerns about NHS security.
Most prominent among these is the 2017 WannaCry malware outbreak – which hit one in three English NHS Trusts and cost the National Health Service £92m, but this is far from the only cyber attack NHS systems face. Meanwhile, there are reports about small-scale data breaches that still affect patients, and about clunky tech in need of updating.
Redscan also asked about training for data security and information governance in the past 12 months, finding that trusts spent an average of £5,356 on data security training, with figures ranging from £238 to £78,000.
This broad variation wasn't related to the size of the trust: mid-sized groups with 3,000 to 4,000 employees spent between £500 and £33,000.
Redscan added that "a significant proportion" had spent nothing on specialist training – but a lot of in-house training does not cost the trusts anything, and they can also rely on free tools from NHS Digital.
This includes free information governance training, which NHS Digital recommends that 95 per cent of all staff should have passed every 12 months.
The FoI found that only 12 per cent of trusts had met this target, but most were not far off, having trained between 80 and 95 per cent of their staff. A quarter said fewer than 80 per cent had completed the training.
However, Mark Nicholls, Redscan director of cybersecurity, said that information governance training was just one part in the information and security picture.
"People remain the weakest link in the cyber security chain," he said. "Despite IG training raising awareness of security risks and common pitfalls, you can never fully mitigate the risks of employees making mistakes or falling for social engineering scams."
More broadly, Nicholls said that, despite getting some extra cash from government for cybersecurity in the aftermath of WannaCry, NHS trusts are still under extreme financial pressure.
This will not only make it harder for the NHS to recruit staff as they struggle to compete with "the private sector's bumper wages", but also put pressure elsewhere in the system.
"No doubt resources are being strained further still if you assume that staff with security qualifications are part of IT teams responsible for far more than just cyber security," he said.
source theregister
Industry: Cyber Security News
Latest Jobs
-
- Azure Identity Consultant
- Netherlands
- discussed on applications
-
Are you a cybersecurity expert passionate about identity and access management? We are seeking a talented IAM Technical Specialist to join our Sec Ops team. In this role, you will play a pivotal part in developing and maintaining our IAM infrastructure, ensuring the highest levels of security and compliance. What you'll do: Design, implement, and maintain IAM solutions for both on-premise and cloud environments. Collaborate with cross-functional teams to integrate IAM systems into various applications and processes. Conduct security assessments and risk analysis to identify and mitigate vulnerabilities. Stay up-to-date with the latest IAM technologies and industry best practices. What we're looking for: Experience: experience as a technical specialist with expertise in AD management. IGA concepts: Experience with Identity Governance and Administration (IGA) concepts such as RBAC, PAM, SIEM, SSO, segregation of duties (SoD), data classification, and recertification. Azure Identity Management: Minimum 2 years of demonstrable experience with Azure identity management, specifically within complex organizations. IT knowledge: Good general knowledge of IT environments such as Active Directory, Azure Cloud, Office 365, SharePoint Online, etc. Protocol knowledge: Familiar with SAML, OIDC, OAuth, and SCIM. Programming languages: Minimum 3 years of experience with development languages such as PowerShell; knowledge of Java or C# is a plus.
-
- Cloud Architect- German Speaker
- Hungary
- Upto €48000 per year + bonus + benefits
-
As a Senior Pre-Sales Solutions Architect, you will play a pivotal role in driving our sales success by translating complex technical solutions into compelling proposals that resonate with our clients. You will collaborate closely with our sales teams to understand customer needs, design tailored solutions, and negotiate successful deals. Responsibilities: Solution Design: Develop comprehensive technical solutions that align with customer business objectives and industry best practices. Proposal Development: Create compelling proposals, including requirements gathering questionnaires, presentation materials, and Statements of Work (SOWs). Customer Engagement: Build strong relationships with clients, understanding their technical, business, and commercial requirements. Collaboration: Work closely with sales teams, delivery teams, and third-party partners to ensure successful project execution. Pricing Strategy: Define and deliver pricing strategies that align with customer needs and company objectives. Requirements: Experience in technical pre-sales or sales support roles. Proven track record in designing and delivering successful customer solutions. Strong technical foundation in areas such as VMware, Azure, AWS, cloud computing, and data center technologies. Excellent understanding of sales principles, account management, and negotiation techniques. Ability to explain complex technical concepts clearly and concisely. Experience working in international teams and supporting clients across multiple regions. Fluency in German and English is essential. Benefits: Competitive salary and benefits package Opportunity to work on challenging and rewarding projects Collaborative and supportive work environment Potential for career growth and advancement Please note that this role is focused on supporting German clients, but will also involve global client support as needed.
-
- Microsoft Sentinel Architect
- United Kingdom
- discussed on applications
-
Microsoft Sentinel Architect We're seeking a talented and experienced Microsoft Sentinel Architect to be responsible for the design, deploy of a new Sentinel solution into an expanding Services business. As a key member of our team, you'll play a vital role in driving security operations and protecting clients' assets. Responsibilities: Solution Design: Develop comprehensive Microsoft Sentinel architectures aligned with our clients' specific needs and industry best practices. Deployment and Configuration: Oversee the deployment and configuration of Sentinel components, including data connectors, analytics rules, and playbooks. Integration: Integrate Sentinel with other security tools and platforms within our MSSP ecosystem. Tuning and Optimization: Continuously monitor and optimize Sentinel performance to ensure maximum effectiveness and efficiency. Training and Mentoring: Mentor junior team members and provide training on Sentinel technologies and best practices. Required Skills and Experience: Proven experience as a Microsoft Sentinel Architect with a deep understanding of its capabilities and limitations. Strong technical skills in Azure, security operations, and data analytics. Experience designing and implementing complex security solutions, into a services environment Knowledge of threat intelligence, incident response, and compliance frameworks. Excellent communication and problem-solving skills.
-
- Network & Security Consultant
- Romania
- €54000 plus benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred) for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.