On Friday, Britain’s most relied upon service was met by a threat that had been predicted many years prior to the event. The NHS was hindered by a ransomware attack which caused patients being unable to attend appointments, have procedures carried out and limitations to crucial medical records.
Ransomware encrypts user information and then demands payment before enabling access to the data. 11 out of 47 trusts were affected by the malicious software, as well as various organisations around the globe.
And now, those in charge are being questioned why this was able to happen in the first place. This attack has highlighted the urgency for private and public sector organisations to make the shift to digital transformation in order to meet today’s standards in terms of consumer expectations and security.
What’s even more shocking, is that the NHS isn’t the only critical national infrastructure provider that runs on outdated security platforms and operating systems like Windows XP – which no longer receives automatic software updates.
This needs to be a lesson for all public (and private) sectors who are not investing in the technology, kit and skills that meet today’s standards.
Security Minister, Ben Wallace, has previously insisted that NHS trusts have enough money to protect themselves against cyber-attacks. The “real key” was whether trusts had regularly backed up data and whether they were installing security patches, he said.
This strategy for manual back-ups and updates is not efficient for organisations to rely on. This has been proven with this recent attack. And despite the ransomware being halted by an accidental hero, it has been stressed that this is not the end.
Organisations that rely so heavily on their IT infrastructure need to reconsider whether the procedures they currently have in place are efficient of the security standards. Automated backups and disaster recovery should’ve been at the forefront of the NHS’ IT set-up.
A main consideration that now needs to be strategically looked at is the implementation of a Disaster Recovery process. With a Disaster Recovery system in place, data and desktop will be readily available regardless of the disaster in hand through the process of automatic backups being carried out continuously.
As a result, the process of manually recovering critical data is removed.
Atlas Cloud’s Disaster Recovery (DRaaS) solution, which is powered by industry-leader Zerto, can provide your business critical data within 15 minutes of invocation. This means systems can be restored back to the point before the virus was opened.
In addition to this, the introduction of automated backups is vital. Simultaneous backups that are stored in an off-premise, secure environment is the key to ensure that an effective Disaster Recovery strategy is implemented to the full effect.
With budget already tight, the NHS need to consider an approach to digitisation that will offer value. By opting for cloud-based data storage, they will be able to scale their service to ensure that the backup system meets budget and data demands.
“Most ransomware attacks can be avoided through good cyber hygiene and effective, regular data backups that are continually tested to ensure they can be restored if needed. Our recommendation is that businesses need to be proactive because the decryption keys are not always provided when ransoms are paid and being proactive is often easier and less costly than a reactive approach.”
– RAJ SAMANI, CTO FOR EUROPE AT INTEL SECURITY