The NHS was just one of the victims in the major international WannaCry attack that took place in May this year. Close to 600 GP surgeries and over 80 NHS trusts were affected, with many resorting to pen and paper and sending patients away. The attack, which affected upwards of 100,000 organisations worldwide, is thought to have been the biggest online extortion attack in recorded history. However, a recent Government report has revealed that the NHS could have prevented falling victim to the attack if it had followed some basic cybersecurity measures.
The report showed that 88 out of 236 NHS trusts did not pass the required cyber-security standards. The Department of Health had warned trusts back in 2014 that they needed to move away from old, vulnerable software. The Government report states that trusts were without proper firewalls, did not update and patch their systems, and simply did not take cybersecurity seriously enough. The attack was unsophisticated and was successful because of the lack of cybersecurity measures.
Ciaran Martin, Director of General Cyber Security at GCHQ, has said that very basic security rules need to be followed including using anti-virus software and making sure that data is backed up. With this in mind, we thought we’d offer some retrospective advice to the NHS about how to better protect their systems. Below are the 4 RISC IT products that could’ve prevented the NHS attack.
1. Data Backup
Data Backup is your first and last line of defence. In the event of infection from WannaCry, CryptoLocker or any other virus, if you have a backup you can wipe your machine and restore your data from a point prior to infection.
Clunk Click Online Pro, our backup software, allows you to choose which data you’d like to back up and how often. The backups are scheduled, and you will have daily notifications letting you know the status of your backups. In the event of data loss, you can instantly access your data via a web browser and restore it back onto your local device or server.
2. Full System Recovery
In the event of WannaCry you’d still need to remove it from your system and, where the NHS was concerned, cleaning all servers would have taken valuable lifesaving time. This is where Disaster Recovery (DR) comes in.
There are two different types of Disaster Recovery available: Warm State and Hot State. When setting up either, we take a Full System Backup of your physical server’s configurations and settings and install them onto a Virtual Machine (VM) in our datacentre. This means you have a pre-configured server ready to restore your data to.
Clunk Click Warm State DR
Warm State Disaster Recovery means that in a data loss scenario, we turn on the pre-configured VM and restore data from your last Backup.
Clunk Click Hot State DR
Hot State Disaster Recovery means that the pre-configured VM is continually running and, after each backup is completed, a copy is placed onto your VM. In the event of a disaster, you can get your business up and running in no time at all.
For an organisation like the NHS, Clunk Click Hot State DR would have been most suitable. When struck with the WannaCry virus, they could’ve quickly transferred to the VM, causing minimum operational disruption and downtime whilst they removed the virus from their system. After removal they could’ve either kept working from the VM or moved all data back down to their physical servers.
3. ESET Antivirus
ESET is a professional antivirus solution; its record in stopping in-the-wild viruses in VB100 tests is unmatched. ESET has low resource consumption, meaning that there’s no lagging or delay, so you can continue with work as normal. If the NHS had ESET properly set up and configured on their system, the virus would have been prevented.
4. Mako Routers
Mako are business-grade routers with a secure firewall. The Central Management System can only be accessed by the administrator through a secure web browser; unauthorised personnel are unable to alter settings or cause disruption. With Mako you can set up Firewall / Content filter rules to block known bad and malware domains.
5. Office 365
In late 2016, 90% of England’s NHS trusts were still using Microsoft Windows XP even though the security patches for that OS stopped in 2014. Whilst we appreciate that there were budgetary constraints that meant the NHS didn’t upgrade, if they had Office 365, they would’ve always been up to date with the latest versions of software and security patches.
6. Advanced Threat Protection with Office 365
With the addition of Advanced Threat Protection, the virus would’ve been detected and deleted before infection could’ve spread.
URL Detonation scans users’ URL links to detect malicious activity. When a URL is received via email, ATP will automatically scan the link for malicious behaviour and run a reputation check. If the link is found to be malicious, the user will be warned not to open the link.
Safe Attachments works in a similar way to URL Detonation by scanning email attachments for malicious behaviour. All attachments go through a real-time behavioural analysis to separate malicious attachments from genuine ones. All identified unsafe attachments will be detonated.