Three Lessons from the NHS Cyber Attack
It’s less than a month since the highly publicised WannaCry cyber attack on the National Health Service (NHS) that saw IT systems across the UK infected with ransomware.
This is just the latest in a growing list of cyber attacks and it would be naive to think it will be the last such incident. This article looks at three of the lessons you and your organisation should take from the WannaCry cyber attack and the situation around it.
- This can happen to anyone
The cyber attack showed that organisations of all sizes, from the largest to the smallest, must be prepared. Hacks have become part of our day-to-day conversations to the point where many may have developed a blasé attitude to them, almost an “it’s not going to happen to me” attitude, but the warnings are there. If massive organisations like the NHS can be affected, what happens when hackers turn their attention to smaller organisations? Ransomware can impact organisations of all sizes regardless of their budgets.
- Be prepared
Training and education on cyber security are essential; the world is changing at a rapid pace in this respect and organisations need to stay informed. Organisations need to have policies and procedures in place in the event of cyber attacks.
The NHS went offline to stop the spread of the ransomware and was incredibly fortunate that a 22-year-old analyst, completely by chance, found the solution and a killswitch to put a halt to the attack. But as these hacks become more sophisticated, it’s probably not the best idea to rely on luck, which leads to the final lesson.
- Keep systems up to date
Following the attack, the Home Secretary, Amber Rudd, stated that the NHS must upgrade its IT systems to avoid a repeat of the incident. Health Secretary Jeremy Hunt was accused of ignoring warnings about the NHS’s outdated computer systems. The takeaway from this is that more people are becoming aware that old, out-of-date hardware and applications need to be looked at and, in many cases, replaced, both within the NHS and in other organisations that find themselves in similar situations.
Organisations should look at introducing stricter measures and do everything in their power to avoid potential cyber attacks.
How DCI Cyber Essentials can help
The first step to keeping your organisation safe from cyber attack is to be certified with DCI Cyber Essentials. Certification to the Government’s Cyber Essentials Scheme is a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks.