The UK’s NHS remains at high risk from successful cyber-attacks unless it addresses the problem, says a cyber-security figure.
With the health service always under financial pressure, trusts are less likely to divert funds into this aspect of security, according to Noel Hannan of GoSecure UK. The company is a subsidiary of Dorset-based C3IA Solutions, one of the businesses certified by the new National Cyber Security Centre (NCSC).
Noel said that GoSecure UK’s Advanced Adversary Protection (AAP) system may have detected and defeated the recent attack at Barts Health NHS Trust before it had a chance to spread further and cause more damage. Staff there received a message saying that it had experienced a ‘ransomware attack’ that had affected four hospitals. To explain briefly, malware attacks usually rely on a staff member being fooled into installing malicious software, and because of innate human fallibility, the risk can never be erased no matter how much training is given.
The average time it takes to detect a compromise in a system is 146 days – according to security firm Mandiant – but GoSecure UK says that its system can detect and stop a ransomware attack in under two minutes.
Noel, pictured, said: “The latest cyber-attacks on the NHS in London reinforce the need for a layered approach to defence. It should include all elements, from advanced technical protection through to taking steps to increase the situational awareness of all staff.
“There are no ‘silver bullets’ in this environment and total protection relies on the constant vigilance of key staff and service suppliers. But it also requires the making of smart choices for partnerships, which reinforce security strategies and understand specific threat environments. Resilience to attack is the key – everyone is attacked in some way, at some point, and the organisations which recover in a timely manner with minimal loss of data, service and reputation are the ones which have understood that a contested environment is the ‘new normal’ and approach their security accordingly.
“In hospitals it is about protecting the patients whose personal data is at risk. Criminals will use any information to get what they want. Protecting patients should mean a comprehensive cyber-security strategy. GoSecure UK has a unique range of cyber security offerings which cover all levels of a defence in depth; from assurance activities – penetration testing, social engineering exercises, cyber security assessments and compliancy audits – to our keystone offering, Advanced Adversary Protection (AAP).
“AAP pairs a unique technology stack of cutting edge applications with skilled human hunter-killer operators who monitor networks and systems 24/7, looking for intrusion and stopping it stone dead.”
Visit www.c3ia.co.uk and www.gosecure.net.
