WannaCry worm ransomware attack should be a wake-up call to improve NHS cybersecurity
The ‘WannaCry’ worm ransomware attack which hit 48 NHS trusts across the country on 13 May, could be the most damaging and disruptive cyberattacks to date, and according to some, could be just a taste of what is to come unless organisations start taking the cybersecurity more seriously.
The NHS was not the only organisation hit. Across the globe there were around 2,000 victims, including some other high-profile firms including telecommunications giant Telefonica, French car maker, Renault, and the Nissan plant in Sunderland, which were also affected.
Microsoft said that the ransomware attack should serve as a ‘wake-up call’ for firms to ensure their IT systems are up to date.
So what lessons should be learned from this latest cyberattack, and what should be done to prevent further attacks to our critical infrastructure in the future? Experts from ForeScout, Crowdstrike, Vectra, Maintel all gave us their views.
Before that though, it is worth noting that in the days following the incident the government faced criticism, with NHS sources claiming that under-funding and the use of the outdated Microsoft system, Windows XP, were major contributory factors for the malware taking hold. A lack IT specialists and over-stretched IT teams were also a major factor, an NHS spokesperson, talking to the Financial Times commented.
Rehana Azam, GMB National Secretary added that to find “vital NHS IT systems so chronically under-prepared for this kind of attack – with some even running windows XP – is extremely worrying.”
He added that when hospitals are so overstretched they are turning patients away, it’s hard to find the time and resources for cybersecurity.
Defence Secretary Amber Rudd said that the attack appeared ‘random and unsophisticated’, and also admitted that Microsoft Windows XP was “not a good platform” for keeping data secure.
One of the biggest problems according to cybersecurity experts, is to do with passwords or the lack thereof.
On this point, Myles Bray, EMEA VP, ForeScout Technologies Inc. commented:
“Things like MRI machines, operating room equipment, security cameras, patient monitors and wireless printers often come with a default password, and unless they are regularly updated with the latest security software, offer a vulnerable back door into an organisation’s wider systems.
“The only way to protect against this is to have complete visibility of all devices on a network at all times, and the ability to understand and control the devices and their levels of access across the organisation’s network. Given the lack of security built into many devices from manufacturers, this is something that organisations like the NHS need to apply for themselves.”
Mike East (pictured right) VP EMEA, at cloud-delivered endpoint protection company, CrowdStrike added:
“Without the defences in place, once ransomware has initiated, the chances are it is already too late to recover that data set. Obviously, robust backups are a foundational best practice to prepare for ransomware attacks, but they are no panacea.”
He went on to say that variants like Locky, Samas and KeRanger are “acting as harbingers of future ransomware attacks that can also delete or damage backups. The best medicine for treating ransomware will be preventing an infection in the first place.”
“The best defence to wide scale cybersecurity is a crowdsourced response. This is about pulling together what we have learnt on one machine, one endpoint and applying that learning to help defend other networks. Once this attack is over, the next step has to be attribution and bringing the perpetrator to justice.”
Gérard Bauer, Vice President EMEA at Vectra Networks, meanwhile commented that the UK’s government’s strategy to make the NHS paperless and digitise all patient data, means that UK hospitals “represent a tantalising target for cybercriminals”.
“The ongoing proliferation of poorly secured IoT-connected devices in the NHS hasn’t helped either and can provide an easy backdoor for malicious hackers. Without robust security defences in place, sensitive patient data and connected medical devices are ripe for the picking,” he said.
Regarding the mitigation of such attacks in the future, Bauer said that the NHS and key infrastructure providers alike must realise that traditional perimeter defences are not enough.
“Leveraging the latest technologies, such as machine learning and advanced behavioural analytics, organisations can automate the tracking of an attacker’s activities inside a network before a ransomware action brings down essential systems. Placing a focus on where and how to intervene minimises the time patients are endangered and reduces the impact of a given threat. Any subsequent attempts at remote control of the compromised device will also be spotted using this behavioural approach to security detection,” Bauer continued.
Finally, Jean-Frederic Karcher (pictured left), Head of Security at Maintel commented that given the NHS is using “very old legacy systems” which are “extremely vulnerable”, the attack should not come as a surprise to the security community.
“This NHS attack is further proof of the rise of ransomware. Ransomware has increased three-fold from 2015 at 1000 attacks a day to 4000 attacks a day in 2017, and shows no signs of slowing down. It will be one of the top three malicious software to watch out for in the coming year and with impact across sectors and society. The right security measures including threat detection must be put into place to ensure businesses, their employees, and customers are kept safe.”