This month’s cyber security industry round-up covers the National Audit Office’s (NAO) report on WannaCry, how more people needed to combat cyber security skills gap and internationally, the Food and Drug Administration encouraging medical device manufactures to update patches.

NHS could have fended off Wannacry disruption says NAO report

The National Audit Office (NAO) recently released a detailed report following its investigation into the 12 May WannaCry event.

It said NHS trusts were left vulnerable because simple cyber-security recommendations were not followed. More than a third of trusts were disrupted by the WannaCry ransomware attack, according to the report.

At least 6,900 NHS appointments were cancelled as a result of the attack.

NHS England said no patient data had been compromised or stolen and praised the staff response.

Amyas Morse, head of the National Audit Office, said it was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.

“There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

Meg Hillier MP, chair of the Committee of Public Accounts agreed, saying the NHS could have fended off the attack if it had taken simple steps to protect its computers and medical equipment.

Since WannaCry, NHS England and NHS Improvement have written to every trust, clinical commissioning group and commissioning support unit asking boards to ensure that they have implemented all 39 CareCERT alerts issued by NHS Digital between March and May 2017 and taken essential action to secure local firewalls.

More people needed to combat cybersecurity skills gap

The answer to tackling the UK’s cybersecurity skills gap fundamentally lies in encouraging more people to enter the industry, reports

The UK has a serious shortage of skilled cybersecurity professionals, and the gap between supply and demand is only getting wider by the day.

According to a recent study, Britain has the second largest cybersecurity skills shortage in the world, with only Israel having a poorer shortage of such professionals. reports that the demand for cybersecurity experts is rising at an unprecedented rate, yet the number of people applying for these roles in the UK is worryingly low.

According to the latest Global information security workforce study, the number of cybersecurity jobs in the UK is increasing at nearly 20 per cent every year, yet it has been predicted that there will be a global shortfall of 1.8 million cyber professionals by 2022.

Over two-thirds of UK companies admit they do not have enough security personnel in their staff to combat the rise in cybercrime. Nearly half of businesses say that because there are not enough cybersecurity professionals, there has been a significant increase in data breaches.

Detection more important than protectection, says Micosoft UK CTO

At the recent Microsoft Decoded event in London, Microsoft UK CTO, Michael Wignall said detection is more important than protection in cybersecurity.

Wignall explained the importance of security as an overarching necessity in order to work with new technology trends.

Wignall stated that security systems should work on three fronts; protection, detection and response. “It’s vitally important to understand your technology environment and how it’s changed – you’re now much more connected than ever before. We have to think about cybersecurity in a very different way.”

One of the ways in which detection times can be reduced, argued Wignall, is through machine learning. reported that the use of artificial intelligence and machine learning by attackers is becoming more prevalent, and as such, should also be used by security professionals.

Wignall said: “A lot of the threat isn’t as targeted and sophisticated as you might think, it’s actually much more opportunistic – they’re taking advantages of some of the changes in the tech landscape.

FDA encourages medical device manufactures to update patches

In international news, the US Food and Drug administration (FDA) is encouraging medical device manufacturers to proactively update and patch devices in a safe and timely manner.

The FDA recently published guidances – recommendations for manufacturers and others – that contain recommendations for comprehensive management of medical device cybersecurity risks throughout the total product life cycle. This includes closely monitoring devices already on the market for cybersecurity issues.

Working with the medical device industry and other federal agencies, FDA will continue its work to ensure the safety and effectiveness of medical devices at all stages of their lifecycles against potential cyber threats.