Cloud Backup

We`re just sending through your details

Please give us a few moments whilst we get your account ready.


National Health Service in National Cyber-Security Crisis

National Health Service in National Cyber-Security Crisis

posted in RansomwareUncategorized @en-za ● 8 Oct 2017

The WannaCry ransomware attacks that took place in May 2017, gripped the nation, rendering businesses, schools and public authorities powerless against the infection. Amongst the reported 300,000 organisations was the British National Health Service (NHS). An organisation already under strain from tight budgets, growing demands and a 24-hour schedule.

The National Audit Office (NAO) has confirmed some of the extent of the attack and the damage caused, however, stating that the full extent and cost would never be truly known. WannaCry began on Friday 12th May and over the following weekend some 19,500 appointments were forced into cancellation; 600 surgeries had no access to computer systems during the period and at least 5 hospitals had to divert ambulances while they attempted to regain access to systems.

“Basic IT Security”

The attack itself contained strains of code that allowed it to act as a ‘worm’ and spread from one infected machine to another silently across a network. This meant that a single infected machine on the network of a trust, put the entire network at risk and within hours a third of all NHS trusts had been infected.

In March and April of 2017, however, NHS Digital had warned all trusts to fix and patch the exact bug which was exploited during the Attack. Amyas Morse, Head of the National Audit Office since stating:

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

For an organisation that holds such huge quantities of highly sensitive data, the ease at which an attack could affect networks is worrying. In a recent parliamentary hearing Department of Health Officials admitted that all 200 trusts in the UK, had failed tests on cyber-security. And even with trusts beginning to act and implement further security measures, Rob Shaw, the NHS Digital deputy chief executive, still believes trusts are falling short of the ‘High bar’ set for cyber-security standards.

“The amount of effort it takes from NHS providers in such a complex estate to reach the cyber essentials plus standard that we assess against as per the recommendation in Dame Fiona Caldicott’s report, is quite a high bar. So, some of them have failed purely on patching which is what the vulnerability was around WannaCry.”                         – Rob Shaw, Deputy Chief Executive, NHS Digital

Protecting complex IT environments against cyber-threats

The NHS has a ‘complex’ structure of IT environments to protect, with many facilities and offices, a huge number of end-points and systems that need to be available 24/7. Any enterprise organisation with a similar environment would likely have implemented state of the art solutions to ensure protection but the NHS is under extreme budgetary pressures and IT systems are often done on the cheap. So how can the organisation handle its challenges and ensure the mistakes that lead to the WannaCry attack don’t happen again?

Patching and update schedules

As with WannaCry, patches and software updates are regularly released to protect against known vulnerabilities that can be exploited against attack. It is vital that when software and solutions providers release updates and patches, that users take advantage of them. Implementing a regular update and patching schedule will ensure that security features are up to date and exploits protected against.

Staff training

One of the biggest remaining vulnerabilities to IT environments is the users who have access. Ransomware attacks take advantage of this and email, malicious links and websites are all causes of infection. Training staff to be warier of these threats and to spot them will help improve the chances of staying secure and protected.

Off-site Backup

Not all infections or attacks can be stopped, no matter how advanced security systems are. That’s why it is vital to ensure that an off-site backup of data remains intact. The ability to quickly recover data on demand can mitigate the effects of a ransomware attack and allow IT, teams to get staff back to operational capacity quickly.

To find out more about the effects and causes of Ransomware, access the Redstor whitepaper here. Redstor has been a trusted provider of services to help manage and protect data for 20-years, in our time we have helped hundreds of organisations recover from Ransomware attacks and ensured the availability of platforms with our secure off-site cloud backup solutions. Find out more about Redstor backup and how it can help ensure recovery, here.

How third-party backup for OneNote and Class Notebooks avoids falling into non-compliance trap

If you use OneNote and Class Notebooks regularly, the prospect of waking up one day and finding that your notes have gone, is the stuff of nightmares.

Continue reading

5 ways to add real value to customers’ digital transformation initiatives by providing Kubernetes backup

Here we outline the five key elements CSPs and Azure consultancies need from a Kubernetes backup solution to add real value to customers’ digital transformation initiatives.

Continue reading

Microsoft 365 Security – An overview of best practices

The rise in home working, increase in laptops and wide-scale adoption of OneDrive, SharePoint , and OneNote has only served to intensify issues around data security and access.

Continue reading