This is not always easy to achieve with multiple disparate systems operating in an ‘always available’ environment. Patch management is an overriding theme for the recommendations.
There is a danger that relying on simply following a policy could become a tick-box exercise to comply with audits, rather than ensuring strategic security decisions are being made to adapt to new threats.
However, most of these recommendations are not mandated and are based around behaviour and process. Much has been written in the press about the central decisions being made to prevent a repeat of Wannacry. Awareness campaigns and training are being delivered to a receptive staff audience as threats are now taken a lot more seriously.
Non-IT staff in the NHS are also much more conscious of attacks. The evaluation of services and undertaking of risk reviews can only be a step in the right direction as local trust managers realise the important issues on the risk registers.įinally, the threat of incidents is now very much in the public mind. The excellent working relationship NHS IT staff have with industry vendors and partners should also be noted.Īnother worthwhile outcome is that cyber security now has a stronger focus at an executive board level in local trusts. The work that went into preventing the loss of service to patients and recovering from impacted sites should not be forgotten. The response from NHS staff should be highlighted as being exemplary. This blog takes a look at what has changed during the last 12 months, and what still needs to be done to ensure the risk of such a scenario happening again is minimised. Across the world, the attack also caused critical outages and generated plenty of global news coverage.
The UK National Health Service (NHS) was notably affected, with the result being cancelled patient treatments and long delays. In May 2017, the Wannacry outbreak caused significant disruption around the world. By Andrew Watson, Network and Security Systems Engineer, VMware
0 kommentar(er)
