We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
How TV gets cyber wrong
Hackers and cyber attacks feature in many films and television programmes, but are these portrayals accurate? Hecham Mrabet, senior security specialist at NHS Digital, gives us a behind-the-scenes look at how a cyber security centre runs in real life.
16 December 2019
Cyber security is fascinating, high-tech and critical to the world as we know it. However, the reality is often very different to how it is portrayed in movies and television.
As intriguing as it looks, green characters cascading down a black screen only happens in films like The Matrix. At NHS Digital, we have six large screens with dashboards on a big wall and a couple of monitors on our desks – it’s high tech, but it’s not the Minority Report.
Here’s a few more examples of when television and movies got cyber wrong – and what actually happens in a cyber security centre.
Our early detection work helped prevent further infections to reduce the impact to the NHS estate.
The Cyber Security Operations Centre (CSOC) at NHS Digital has detected and blocked a number of malicious malware and trojans over the past few years using these techniques. Recently, we detected the TrickBot trojan, a powerful credential stealer originally developed in 2016 as a trojan for banking applications. Since its creation, TrickBot authors armed their malware with many additional capabilities (modules) that allow silent propagation across the network, evasion of anti-virus, and communication with command and control (C2) servers, to harvest and exfiltrate a range of sensitive data. Our early detection work helped prevent further infections to reduce the impact to the NHS estate.
We have to 'play by the rules' – everything we do needs to be legal and ethical. Criminals do not care about either of these things.
Real criminals know this, so they go for small amounts of data which could go unnoticed more easily. For example, they might start a phishing campaign which contains a malicious file that is downloaded on to an end user’s computer. It could sit dormant for weeks or months before someone takes a simple action, like opening a particular file, which then causes the malicious file to execute and either:
As part of our Keep I.T Confidential cyber security campaign, we've highlighted some examples of different cyber security threats that we all need to be aware of. Find out about weak passwords, phishing, tailgating, unlocked screens and social engineering.
Cyber security still has an out-dated image of being a masculine profession. Charlotte Roe, Cyber Security Apprentice at NHS Digital, talks about her job and why women are needed in the world of cyber.
NHS Digital's Peter Robinson takes us through his journey from apprentice to professional within the Cyber Security team.