You are currently viewing HSE finds recruiting cybersecurity staff ‘difficult’

HSE finds recruiting cybersecurity staff ‘difficult’

The Health Service Executive said it was “particularly difficult” to recruit cybersecurity staff at the moment due to competition for talent.

Tomorrow will mark the one year anniversary of a major cyberattack on the HSE which caused months of disruption and could cost 100 million euros.

An independent review of the attack by PwC found that the HSE was running on a fragile IT system and lacked the appropriate cybersecurity expertise or resources.

One of the main recommendations of the report was the need to hire more IT staff.

The HSE said a number of appointments had been made and recruitment competitions were underway for other positions.

“The HSE faces similar challenges to other organizations where recruiting top cybersecurity talent is a particularly difficult task in a tight job market where demand effortlessly outstrips supply,” the HSE said in a statement.

PwC’s cyberattack review recommended the appointment of a chief technology and transformation officer and a chief information security officer.

The HSE said the positions are being filled on an interim basis with permanent appointments likely to take several months.

Alongside external recruitment campaigns, the HSE said it was also developing existing staff, using graduate admissions and internships as well as entering into cybersecurity partnerships.

Cyber ​​Ireland represents the cybersecurity industry and today released a new report showing the potential to make Ireland a cybersecurity hub generating thousands of jobs.

But it also reveals the severe talent shortages that currently exist.

“Our report shows that 83% of companies will grow their cybersecurity teams over the next 12 months, but 60% of them have staffing issues related to lack of candidates, technical skills and salary increases. “, said Dr Eoin Byrne, Cluster Manager at Cyber ​​Ireland, said.

When it comes to the HSE, it’s public sector salaries that have to compete with the generous offers offered by the tech giants based here.

“This is something we need to address in collaboration with industry, academia and government to ensure we have a pipeline of cybersecurity talent and are not reliant on attracting foreign talent.” , said Dr. Byrne.

On May 14, 2021, cybercriminals, believed to be linked to the Russian hacking group Conti, launched a ransomware attack against the HSE.

They demanded a ransom for not releasing the stolen data and digital decryption keys to unlock the systems they had disabled.

The government insisted that no ransom would be paid.

Six days after the attack, the hackers released a decryption key which facilitated the recovery process.

The HSE said it has engaged an internationally renowned firm to provide managed cyber defense and security operations.

Other measures have been introduced including improved IT monitoring, email validation systems and additional email scanning.

Stuart Davis is Director of Incident Response Services at cybersecurity firm CrowdStrike.

He thinks similar cyberattacks are likely in the future.

“Unfortunately institutions in Ireland will always be susceptible to ransomware attacks, we have learned that we need a good crisis management framework in place for all of our government entities,” he said.

Aontú leader Peadar Tóibín said that a year after the HSE cyberattack, many questions remain unanswered.

“I’m not at all convinced that the government has really analyzed how we are going to prevent these attacks in the future,” he said.

“We have had no proper investigation into what happened and Aontú is asking for a judge-led investigation.”

“It was a disaster and there is no doubt that the human cost has not been fully analyzed in terms of the number of patients who were denied treatment when they needed it or the number of deaths. “, did he declare.

Leave a Reply