Cloud Backup
 

We`re just sending through your details

Please give us a few moments whilst we get your account ready.

OKAY

National Health Service in National Cyber-Security Crisis

National Health Service in National Cyber-Security Crisis

posted in RansomwareUncategorized @en-za ● 8 Oct 2017

The WannaCry ransomware attacks that took place in May 2017, gripped the nation, rendering businesses, schools and public authorities powerless against the infection. Amongst the reported 300,000 organisations was the British National Health Service (NHS). An organisation already under strain from tight budgets, growing demands and a 24-hour schedule.

The National Audit Office (NAO) has confirmed some of the extent of the attack and the damage caused, however, stating that the full extent and cost would never be truly known. WannaCry began on Friday 12th May and over the following weekend some 19,500 appointments were forced into cancellation; 600 surgeries had no access to computer systems during the period and at least 5 hospitals had to divert ambulances while they attempted to regain access to systems.

“Basic IT Security”

The attack itself contained strains of code that allowed it to act as a ‘worm’ and spread from one infected machine to another silently across a network. This meant that a single infected machine on the network of a trust, put the entire network at risk and within hours a third of all NHS trusts had been infected.

In March and April of 2017, however, NHS Digital had warned all trusts to fix and patch the exact bug which was exploited during the Attack. Amyas Morse, Head of the National Audit Office since stating:

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

For an organisation that holds such huge quantities of highly sensitive data, the ease at which an attack could affect networks is worrying. In a recent parliamentary hearing Department of Health Officials admitted that all 200 trusts in the UK, had failed tests on cyber-security. And even with trusts beginning to act and implement further security measures, Rob Shaw, the NHS Digital deputy chief executive, still believes trusts are falling short of the ‘High bar’ set for cyber-security standards.

“The amount of effort it takes from NHS providers in such a complex estate to reach the cyber essentials plus standard that we assess against as per the recommendation in Dame Fiona Caldicott’s report, is quite a high bar. So, some of them have failed purely on patching which is what the vulnerability was around WannaCry.”                         – Rob Shaw, Deputy Chief Executive, NHS Digital

Protecting complex IT environments against cyber-threats

The NHS has a ‘complex’ structure of IT environments to protect, with many facilities and offices, a huge number of end-points and systems that need to be available 24/7. Any enterprise organisation with a similar environment would likely have implemented state of the art solutions to ensure protection but the NHS is under extreme budgetary pressures and IT systems are often done on the cheap. So how can the organisation handle its challenges and ensure the mistakes that lead to the WannaCry attack don’t happen again?

Patching and update schedules

As with WannaCry, patches and software updates are regularly released to protect against known vulnerabilities that can be exploited against attack. It is vital that when software and solutions providers release updates and patches, that users take advantage of them. Implementing a regular update and patching schedule will ensure that security features are up to date and exploits protected against.

Staff training

One of the biggest remaining vulnerabilities to IT environments is the users who have access. Ransomware attacks take advantage of this and email, malicious links and websites are all causes of infection. Training staff to be warier of these threats and to spot them will help improve the chances of staying secure and protected.

Off-site Backup

Not all infections or attacks can be stopped, no matter how advanced security systems are. That’s why it is vital to ensure that an off-site backup of data remains intact. The ability to quickly recover data on demand can mitigate the effects of a ransomware attack and allow IT, teams to get staff back to operational capacity quickly.

To find out more about the effects and causes of Ransomware, access the Redstor whitepaper here. Redstor has been a trusted provider of services to help manage and protect data for 20-years, in our time we have helped hundreds of organisations recover from Ransomware attacks and ensured the availability of platforms with our secure off-site cloud backup solutions. Find out more about Redstor backup and how it can help ensure recovery, here.

How machine learning combats threats like the Kaseya ransomware attack that targeted MSPs

The recent ransomware attack on Kaseya, a cloud-based IT and security management provider services company that supplies tech-management tools to customers worldwide, has the potential to be the most serious cyber-criminal incident this year.

Continue reading

H1 updates create broadest platform support

Redstor adds AI and analytics to smart data management service and now offers support for OneNote, Kubernetes and Salesforce following major updates delivered in H1

Continue reading

Your Salesforce data protection responsibilities

Businesses often neglect the need to back up Salesforce in the belief that SaaS application vendors already provide all the data protection they need.

Continue reading