With over 200,000 infected computers over the weekend, Cyber-attacks are now being seen as the new modern day war zone.
With the outbreak of WannaCry Ransomware on Friday and with the sheer volume of infected computers, hospitals across the UK were hit by a large-scale cyber attack that disrupted services throughout the weekend. NHS staff returning to work today where still unsure about the state of their IT systems, after a Malware attack affected many operating services and administration systems. Many hospital trusts are still suffering ongoing disruptions today and are not operating at their full capacity, where appointments and surgeries have been postponed or cancelled.
IT staff have worked around the clock over the weekend trying to resolve
issues, access their computers and enter medical databases to maintain
patient safety and keep hospitals functioning; but with over 200,000
computers effected worldwide the scale of the attack is tremendous and in fact didn't just single out our NHS trusts. What it has done, is exposed the many institutions in the UK who don’t do enough to keep their networks safe.
Any IT department running old operating systems with Windows XP have been hit and have suffered significant IT system problems making the health service impossible to run. By Friday lunch time many hospital computer screens where frozen displaying the below ransom message; the malware message was spreading throughout the NHS service every time a document was shared.
The attack can only be described as a 'wake up call' and showed how without the right talent and proper funding in place, ICT departments are more open to these types of attacks, inevitably becoming more frequent and more sophisticated because we are not investing into our IT departments, there is a lack of training and development of staff. Teams across the country have faced a tough challenge today, with the fear of a second attack eminent, it’s unclear how long things will take to fix. What has also become clear, is that Friday's attack managed to spread so easily because IT departments did not maintain effective security measures. By ignoring simple patch updates, and not realising the security implications of running old software on latest browsers and OS, it became apparent quite quickly that many departments did not even have a clear understanding of how their own firewalls worked; I am surprised this attack didn’t happen any sooner.
The reports from Sky news on Friday revealed the full extent and lack of cyber security investment. NHS trusts reported that their annual spend on cyber security was £22,000. At the same time, 43 trusts admitted they couldn’t specify if they had this annual spend in place or not.
It is sad to hear how underfunded our NHS organisations are, with cyber security an everyday growing threat, it needs to become a number No1 business priority and it clearly isn’t. With this in mind, I do however feel we simply cannot solely blame ICT support; It is clear that the investment priorities of senior NHS staff also need to move to the 21st Century. You simply cannot build a robust EPR (Enterprise Resource Planning) system on crumbling foundations. I really hope that this weekend’s events will be enough to make senior staff realise how important good data, infrastructure, and governance are to good patient care.
Today we spoke to Alex Froude, Team lead in ICT and Telecoms at CBSbutler who had some real insight to how recruitment will be effected..
“This morning saw a spike in demand for qualified ethical hackers. With cyber-attacks becoming more sophisticated and harder to prevent, we are finding companies are looking for highly skilled IT specialists that can implement strategies to prevent this.
The attacks have clearly highlighted the holes within commercial IT infrastructure, and we need to learn from this and quickly upgrade our IT systems. With the current need to hire more specialist contractors we need to make sure that they are being incentivised in accepting jobs in the public sector, only then are you guaranteed of getting the best skilled, working on your IT systems".
It is interesting that Alex Froude has pointed out how cyber security has become a numbers game. If the public sector is going to win the cyber security war then they really need to attract the right talent by offering a significant uplift in pay rates. The scale of this attack has highlighted the importance of service segregation, back up strategies and patching. Investment in basic ICT needs to be a priority.
Antonio King, IT Manager who has run the IT department here at CBSbutler for 12 years, has a wealth of experience in maintaining the company's IT systems, he summed up the situation perfectly today by saying…
“It is incredible that so many large and even state-run organisations have fallen foul to this attack! Some basic cyber security steps could and should have been in place.
Budget constraints seem to be the main reason preventative security was not in place, but in the year 2017, I.T. is no longer the department to be neglected!
Mail filtering, web filtering, anti-virus/anti-malware, firewalls, keeping systems up-to-date with the latest patches and cyber security user training are the reasons we have not become victims of the attack.”
Well some say the threat isn’t over;
With 48 NHS trusts reporting problems in the UK other organisations have
been targeted worldwide, including Germany’s rail network Detsche Bahn, Spanish telecommunications operator Telefonica, French car maker Renault, US logistics giant FedEX and Russia’s interior Ministry.
There are clear indications that a second malware attack could happen if tight security measures are not implemented. So now is the time to make a change, security isn’t easy, and tough changes and hires will need to be made. With cyber criminals getting more sophisticated with their attacks so must we with our security and our specialist hires.
Here at CBSbutler we are constantly looking to connect our clients with the industry's best talent. We can help find your cyber security front line as we have a proven track record of providing specialists into infrastructure, software, ICT systems and internet businesses. We take great pride in our search and selection processes when identifying candidates.
With this heightened tension in the cyber security market we've supplied a link from Mcafee outlining the best way to protect yourselves against attack.
Read McAfee’s 10 Tips to stay safe Online