There’s a lack of cyber security expertise and insufficient expenditure in many organisations which makes them more vulnerable to cyber-attacks.
One of the most vulnerable in the UK is the National Health Service. Research by cyber security company Redscan indicates that many NHS trusts are unable to retain the necessary skills and expertise.
The average spend across 159 trusts was only £5,356 over the past 12 months. While some spent as much as £78,000, this doesn’t correlate in any logical way to the size of each trust. Some spent as little as £250.
The research’s conclusion was that NHS managers are taking an inconsistent approach to ensuring that the skills and solutions are in place to protect against attacks such as WannaCry which hurt the health service so badly in 2017 and cost the NHS more than £90m.
In fact, WannaCry may have been a wake-up call for the NHS as there are signs of greater awareness now.
Redscan sent a separate request for information to NHS trusts and the responses it received back revealed that 139 have now undertaken a Data Security Onsite Assessment. A year earlier, only 60 had carried out such an assessment.
It’s also a good sign that the UK’s Department of Health and Social Care has committed an additional £150 million over the next three years to help improve IT security in the NHS. One key aspect will be to upgrade all Windows XP devices to Windows 10 by 2020.
The NHS is not alone in being slow to take the threat from cyber-space seriously.
Research by MarketsandMarkets, suggests that lawyers’ cyber security budgets will only increase on average by 13 per cent this year. This contrasts with a much higher awareness amongst lawyers about the risks. It suggests there’s still a lack of understanding about how much budget is actually needed to realistically tackle such a growing problem.
The first step to improving cyber security for any company of any size or sector should be a cyber vulnerability assessment. An independent IT specialist can help you take an objective view of all the options available – and will have experience of many other clients in different sectors.
Gary Jowett, from Computer & Network Consultants in Brighton, said: “The ever-present threat of cyber-attacks means that the NHS should be making the upgrade to Windows 10 as a matter of urgency because using XP on any device is a weakness that could so easily be exploited again.
“As for the legal sector, it has always been an attractive target for hackers because of the sheer volume of confidential data it handles. This is why law firms need to set aside significantly more budget on improving IT security over the next few years or they could face a major data breach that costs them millions in compensation payments and badly damages their reputation.”