Skip to main content

NHS Cyber Attack – A Direct Result of Poor Cyber Hygiene

May 15, 2017

Nik Whitfield

Global ransomeware attacks on NHS IT systems spread quickly and are reported to be causing continued delays and disruption to NHS services.

Comments from Nik Whitfield, CEO of London HQ’d big data analytics firm Panaseer on this most public cyber security challenge,

“The chaos faced by the NHS is a direct result of poor cyber hygiene. The bigger the organisation, the more challenging it is to maintain ‘basics’, which include being clear on hardware assets, monitoring vulnerabilities and (crucially in this case) applying priority software patches.

“The underlying issue with cybercrime, is that the relationship between cybercriminals and organisations is asymmetric – the criminals only need to succeed once, whereas defenders have to get it right every single time. It is becoming increasingly impossible for organisations to be 100% secure – the key is ensuring that they are ‘secure enough’.  In a complex technology environment, like the NHS, cyber hygiene can be a huge challenge but the risk of neglecting it means that it was only a matter of time before an attack was successful.” More in this article from Information Age.

WannaCry has shown that organisations of all sizes are exposed to cyber security challenges such as the risk of destructive malware. While law enforcement focuses on tracking down the culprits, it’s critical that businesses aren’t distracted from the issue of how to protect themselves from future cyber attacks. Of course, addressing this vulnerability is vital in the short term. But the big lesson here for executives is about the importance of developing and maintaining cyber hygiene to manage exposure to the impact of these kind of attacks. This includes understanding the risks of old IT systems and decisions not to upgrade technology.

While WannaCry will dominate the headlines for a number of reasons, organisations don’t need to become experts in this kind of threat. It’s just like in healthcare. In general, people don’t need to know about every possible disease, we just need to eat well, stay hydrated, wash our hands and so on. Then, most of the time we’ll be fine. Similarly, when facing the cyber security challenge every organisation needs good cyber hygiene: they need to understand what assets they have, keep software up to date, patch regularly, and educate their employees. This can stop the vast majority of attacks.

More from Nik in this BBC report,