HSE finds recruiting cyber security staff ‘difficult’
The executive director of the health service said that it is currently “especially difficult” to hire cyber security staff due to competition for talent.
Tomorrow will be the first anniversary of a major cyber attack on HSE that has caused months of disruption and could eventually cost 100m euros.
An independent audit of the attack by PwC found that HSE was working on a weak IT system and lacked adequate cyber expertise or resources.
One of the main recommendations of the report was the need to hire more IT staff.
HSE announced that a number of appointments have been made and that competitions for employment for other roles are underway.
“HSE faces similar challenges as other organizations where recruiting the best cybersecurity talent is a particularly difficult task in a tight labor market where demand effortlessly outpaces supply,” HSE said in a statement.
The PwC Cyber Attack Review recommended the appointment of the Chief Technology and Transformation Director and the Chief Information Security Officer.
HSE said the positions are being filled on a temporary basis with permanent appointments that are likely to last several months.
In addition to external recruitment campaigns, HSE said it is also improving existing staff, using graduate admissions and internships, as well as entering into cybersecurity partnerships.
Cyber Ireland represents the cybersecurity sector and today publishes a new report showing the potential for Ireland to become a cybersecurity hub that creates thousands of jobs.
But it also reveals a serious lack of talent that currently exists.
“Our report shows that 83% of companies will increase their cyber security teams in the next 12 months, but 60% of them have staffing problems due to lack of candidates, technical skills and salary increases,” said Dr. Eoin Byrne, Cluster Manager for Cyber. Ireland, he said.
When it comes to HSE, it is the case that salaries in the public sector have to compete with generous packages offered by the technology giants that are here.
“It is something we need to have fun with industry, academia and government to make sure we have cyber security talent and not depend on attracting talent from abroad,” he said. Byrne.
On May 14, 2021, cybercriminals, believed to be linked to the Russian hacker group Conti, carried out a ransomware attack on HSE.
They demanded a ransom for not publishing the stolen data and for digital decryption keys to unlock the systems they disabled.
The government insisted the ransom would not be paid.
Six days after the attack, hackers released a decryption key that helped in the recovery process.
HSE announced that it has hired an internationally recognized company to provide managed cyber defense and security operations.
Other measures introduced include improved IT tracking, email validation systems and additional email scanning.
Stuart Davis is director of incident response at cybersecurity firm CrowdStrike.
He believes similar cyber attacks are likely in the future.
“Unfortunately, institutions in Ireland will always be vulnerable to ransomware attacks, we have learned that we need a good crisis management framework for all our government entities,” he said.
Aontúa leader Peadar Tóibín said that a year after the cyber attack on HSE, many questions remain unanswered.
“I am not at all sure that the government has really analyzed how we will prevent these attacks in the future,” he said.
“We did not have a proper investigation into what happened and Aontú is calling for an investigation led by a judge.”
“It was a disaster and there is no doubt that the human cost was not fully analyzed in terms of the amount of patients who were denied treatment at the time of need or how many suffered loss of life,” he said.
Comments are closed.