Organisations struggling with cyber security should learn from NHS guidance, suggests Databarracks

16.05.2018 11:34 am


Organisations struggling to improve cyber security defences should take note of the recommendations proposed by a select committee report into last year’s WannaCry ransomware epidemic. This is according to Peter Groucutt, managing director of Databarracks.

During the months which followed the WannaCry ransomware attack, the House of Commons’ influential Public Accounts Committee (PAC) issued a report outlining 22 clear and concise recommendations for the NHS to undertake to improve its cyber security practices. While it has recently been reported that the NHS is yet to implement a single recommendation, Groucutt believes that other organisations, notably small businesses, can use the findings to improve their own cyber defences:  

“The NHS’s failure to implement any of the recommendations provided by the select committee is indicative of wider struggles which still exist amongst organisations when it comes to good cyber security.

“Recently, the Government published findings from its Cyber Security Breaches Survey 2018. The data revealed that a lot of organisations remain in the dark when it comes to finding trusted advice for improving cyber security. This was further emphasised by the fact that from a sample of over 1,500 businesses, only nine per cent were aware of initiatives such as the Cyber Essentials Scheme. It’s imperative that firms take advantage of these free and easily-accessible resources to improve their cyber security.” 

The select committee report into the WannaCry attack is an excellent source of information and advice for firms wanting to improve their cyber security defences. Looking at these findings, Groucutt has picked out several key recommendations which firms can and should act on:

“The report highlighted that the NHS was not prepared for WannaCry and that there is a long way to go before agreed, prioritised and costed plans for improving cyber security are put in place. For smaller businesses, however, this can often be a much easier exercise. When it comes to prioritising and costing your plan, this should include preventative measures and technologies such as anti-spam / anti-virus software, patching and software upgrades, user awareness training, and a backup and recovery plan that is fit to protect against modern threats, such as ransomware. If you’re unsure about your priorities, testing – carried out by an external, third party – can identify where weak spots within the business lie.”

Groucutt continues: “Arguably, one of the biggest concerns highlighted by the select committee was the NHS’ use of legacy software. As far back as April 2014, NHS trusts had been warned to migrate over from old software such as Windows XP. Yet at the time of WannaCry, five per cent of the NHS IT estate was still using Windows XP. There were further warnings in 2016 and even in March and April 2017, just before the attack, as NHS Digital issued warnings to trusts to secure their Windows operating systems. While it is easy for organisations to become confused by the choice of security options available, it’s vital to not neglect the basics. This starts with reviewing and auditing existing IT infrastructures and updating software accordingly.

“Finally, the report detailed that communication during the attack was not co-ordinated, with no alternative communication methods in place after email was switched off. This is a common issue faced by SMEs – the key, though, is to plan ahead. Emergency or Mass Communication plans do not have to be complex but do require thought and planning to make sure that you have determined an alternative method to communicate and also provide alternative contact information. For firms looking to do this on a budget, we have actually created a guide to address this very issue.”

Groucutt concludes: “A lot of organisations do not get the opportunity to have a complete review undertaken of their security practices. While the NHS has come under scrutiny for not making the necessary reforms needed to its cyber security practices, that’s not to say that others can’t. This is an incredibly detailed report – and for those struggling with cyber security, a lot of useful advice can be taken and applied to their own businesses.” 
