Organisations struggling with cyber security should learn from NHS guidance, suggests Databarracks

16.05.2018 11:34 am

Organisations struggling to improve cyber security defences should take note of the recommendations proposed by a select committee report into last year’s WannaCry ransomware epidemic, according to Peter Groucutt, managing director of Databarracks.

During the months which followed the WannaCry ransomware attack, the House of Commons’ influential Public Accounts Committee (PAC) issued a report outlining 22 clear and concise recommendations for the NHS to undertake to improve its cyber security practices. While it has recently been reported that the NHS is yet to implement a single recommendation, Groucutt believes that other organisations, notably small businesses, can use the findings to improve their own cyber defences:  

“The NHS’s failure to implement any of the recommendations provided by the select committee is indicative of wider struggles which still exist amongst organisations when it comes to good cyber security.

“Recently, the Government published findings from its Cyber Security Breaches Survey 2018. The data revealed that a lot of organisations remain in the dark when it comes to finding trusted advice for improving cyber security. This was further emphasised by the fact that from a sample of over 1,500 businesses, only nine per cent were aware of initiatives such as the Cyber Essentials Scheme. It’s imperative that firms take advantage of these free and easily-accessible resources to improve their cyber security.” 

The select committee report into the WannaCry attack is an excellent source of information and advice for firms wanting to improve their cyber security defences. Looking at these findings, Groucutt has picked out several key recommendations which firms can and should act on:

“The report highlighted that the NHS was not prepared for WannaCry and that there is a long way to go before agreed, prioritised and costed plans for improving cyber security are put in place. For smaller businesses, however, this can often be a much easier exercise. When it comes to prioritising and costing your plan, this should include preventative measures and technologies such as anti-spam / anti-virus software, patching and software upgrades, user awareness training, and a backup and recovery plan that is fit to protect against modern threats, such as ransomware. If you’re unsure about your priorities, testing – carried out by an external, third party – can identify where weak spots within the business lie.”

Groucutt continues: “Arguably, one of the biggest concerns highlighted by the select committee was the NHS’s use of legacy software. As far back as April 2014, NHS trusts had been warned to migrate over from old software such as Windows XP. Yet at the time of WannaCry, five per cent of the NHS IT estate was still using Windows XP. There were further warnings in 2016 and even in March and April 2017, just before the attack, as NHS Digital issued warnings to trusts to secure their Windows operating systems. While it is easy for organisations to become confused by the choice of security options available, it’s vital to not neglect the basics. This starts with reviewing and auditing existing IT infrastructures and updating software accordingly.

“Finally, the report detailed that communication during the attack was not co-ordinated, with no alternative communication methods in place after email was switched off. This is a common issue faced by SMEs – the key, though, is to plan ahead. Emergency or Mass Communication plans do not have to be complex but do require thought and planning to make sure that you have determined an alternative method to communicate and also provide alternative contact information. For firms looking to do this on a budget, we have actually created a guide to address this very issue.”

Groucutt concludes: “A lot of organisations do not get the opportunity to have a complete review undertaken of their security practices. While the NHS has come under scrutiny for not making the necessary reforms needed to its cyber security practices, that’s not to say that others can’t. This is an incredibly detailed report – and for those struggling with cyber security, a lot of useful advice can be taken and applied to their own businesses.” 
