This month’s cyber security industry round-up takes a look at the 12-month anniversary of the The National Cyber Security Centre, a new accelerator programme for cyber and health IoT start-ups in Wales, and a new SMS-based alerts system being deployed in the NHS to aid communications during cyber-attacks.
National Cyber Security Centre releases report marking 12 months of protecting the UK
The National Cyber Security Centre (NCSC) has published a report highlighting the work it has done since being established in October 2016.
The NCSC led the UK response to the WannaCry ransomware incident, which disrupted more than a third of NHS trusts in England. In its first 12 months of operation, the organisation received 1,131 incident reports, 590 of which were classed as “significant”.
The organisation claims to have prevented more than 79,000 potential phishing attacks by blocking malicious emails carrying a spoof “@gov.uk” suffix. The report also suggests that NCSC has reduced the length of time a phishing website stays online from 27 hours to just one hour.
Jeremy Fleming, Director of GCHQ, said: “In an increasingly digital world, cyber is playing an ever more important part in our daily lives and in the UK’s approach to security. The threats to the UK are evolving rapidly as technology advances. Our response has been to transform to stay ahead of them.
“The NCSC has brought together unparalleled skills, capabilities and partnerships and in its first year has made enormous strides in increasing and improving our cyber capabilities. It is in the front line in protecting the UK against a growing number of cyber-attacks.”
Wales gets IoT friendly with new accelerator programme
A new accelerator programme has launched in Wales offering financial and entrepreneurial support for IoT start-ups targeting cyber security, healthcare and other key areas.
The programme will run for 12 weeks and will accept ten entrants, who will receive a £50,000 investment and a further £70,000 worth of training, in return for a 10% equity stake in the enterprise. They’ll also get access to training facilities and free office space to help them build out their business.
The accelerator programme has been put together by Innovation Point, The Accelerator Network, Barclays Eagle Labs, Inspire Wales and the Development Bank of Wales. It’s been launched at a significant time for the country’s technology industry, following the signing of a deal that will see a cluster of semiconductor companies set up shop in South East Wales.
Ian Merricks, Chair of The Accelerator Network, said: “The appetite amongst tech entrepreneurs has never been greater…The IoTA Wales is responding to this through an intensive-growth programme that is specifically designed to help make the IoT start-up journey a shorter and more successful one.”
NHS launches SMS alert system for cybersecurity incidents
NHS Digital has established a system to deliver cybersecurity updates across the NHS during major security incidents.
During a “high severity security incident,” CareCERT alerts and updates will be sent to clinicians and hospital staff, including those working in acute care, ambulance and mental health trusts, CCGs and Commissioning Support Units. Staff will also be able to read information and updates provided by CareCERT on NHS Digital’s website.
The alerts will be sent using GOV.UK Notify, a free government service that allows those working in central government, local authorities and the NHS to send emails and texts to colleagues. This allows messages to be sent to NHS organisations without the need for NHS Mail or any other applications that could be compromised in a cyber security incident.
NHS Digital is also working with the National Cyber Security Centre to “establish a professional network of IT and security professionals in health and care” who can provide support during a breach.
Toby Griffiths, Innovation & Development lead at the NHS Data Security Centre, said: “SMS was identified as an appropriate solution following feedback from users affected by WannaCry, as it offers an additional level of resilience beyond the standard channels used for sharing CareCERT updates.
“Strengthening our communications in this way will ensure that key contacts are receiving critical updates during major incidents, especially when they might not have access to their email or work computer.”
1 in 4 healthcare companies would pay up in ransomware incident
New research from Infoblox suggests that as many as 1 in 4 healthcare organisations would be willing to pay a ransom in the event of a cyber-attack.
The report, based on the answers of 305 healthcare IT professionals in the UK and US, concluded that a quarter of IT professionals are not confident in their organisation’s ability to respond to a cyber-attack.
It also found that 1 in 5 healthcare organisations have Windows XP running on their network despite the vulnerabilities with system highlighted by this year’s global WannaCry outbreak.
The research was commissioned by Infoblox in part to highlight the dangers cyber-attacks pose to healthcare organisations as the number of internet-connected devices increases. It found that nearly half (47%) of large healthcare organisations managed upwards of 5,000 devices on their network.
Rob Bolton, director of Western Europe at Infoblox, said: “The widespread disruption experienced by the NHS during the WannaCry outbreak demonstrated the severe impact to health services that can be caused by a cyberattack. It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data.”
FireMon launches Intelligent Policy Automation for Cloud
Enterprise network security firm FireMon is launching an Intelligent Policy Automation (IPA) solution for Cloud services.
The technology provides companies with real-time analysis of their firewalls and offers automation capabilities that reduce the risk of human error. As a result, IPA for Cloud can potentially lower the likelihood of security breaches caused my firewall misconfigurations.
The technology will be showcased at this year’s AWS: re:Invent, taking place in Las Vegas between 27 November and 1 December.