What could have been done to prevent the WannaCry ransomware attack on the NHS?

Last week, the NHS saw one of the biggest cyber-attacks to date, encrypting over 230,000 computers in almost 150 countries. Although the attack was stopped, the ransomware was able to drastically impact the operation of many NHS Trusts, including GP surgeries, hospitals and more. There is no denying that the rapidly spreading WannaCry has shaped the future of cyber-security across the world, but the question is knowing what we know now, what could have been done to prevent the attack and how can we ensure we are protected in the future?

What is WannaCry?

WannaCry (or WannaCrypt) is a ransomware programme that targets Microsoft’s Windows operating system, usually infecting computers through a phishing email or by targeting vulnerabilities in unpatched systems as a computer worm. Although it is not clear who was behind this attack, the ransomware encrypts data on the computer, demanding ransom payments in the form of cryptocurrency Bitcoin, which can be incredibly difficult to track.

What can be done to prevent ransomware attacks like this?

Investigations suggest that the WannaCry ransomware software first entered NHS systems through a vulnerability in the outdated Windows XP operating system, of which Microsoft ended official support in 2014. These means that computers still operating on Windows XP or early Windows Server operating systems did not receive the recent patch that was released for current operating systems, which could have prevented the wide-spread infection.

Microsoft has since taken steps to prevent the spread of the malware by releasing a fix for versions of Windows that it had previously retired, including the once highly popular Windows XP. It seems that this vulnerability served as the main entry point for the ransomware, suggesting that, had the systems been kept up to date and had the proper security software in place, the breach could have been avoided.

Learning from the attack

In light of the attack, the NHS are working with cyber-security firms to increase their cyber-security and remove vulnerabilities like this to prevent future attacks. Microsoft have also taken steps to protect all users against threats by releasing updates for the majority of current and retired systems which removes this fatal flaw,    but they advise that all users take extreme caution with emails from an unknown sender, especially those containing suspicious documents or links. The best practise is to protect your computer with an up-to-date antivirus, and making sure that your computer is running the latest version of a supported operating system.

Protecting your business

If you’re in a business environment, the best option is to consult a cyber-security expert who will be able to work with you to establish security procedures and implement protection software, backed up by a secure back-up solution to ensure that you are protected in the event of a disaster.

To find out more, speak to a member of our cyber-security team on 0207 653 9780.

Bespoke vs off-the-shelf solutions: Which is right for you?

If you’ve decided to migrate your network infrastructure to the cloud, then you will need to work out which solution is the best to meet your requirements. It can be tempted to opt for what seems to be the simplest option – an off-the-shelf solution. Although in some cases, an out-of-the-box solution may be adequate, there are a number of considerations to think about when deciding which solution is right for your business.

What levels of support are offered?

It’s important to choose a solution that offers high levels of support if you want to avoid downtime and increase the efficiency of your IT systems. There are bound to be times where you encounter problems, and looking at the support that the solution offers will give you an indication as to recovery time if systems go down, and whether backup options will be sufficient to meet the fast, easy recovery you might need. Bespoke solutions offer a designated account manager who will be able to advise you specifically on issues and often find a faster resolution as they will offer a more personal, responsive service.

Security levels and data protection

Data protection is imperative to maintaining not only a strong brand image and good customer relationships, but it’s a legal requirement which can leave businesses facing fines and legal action if they fail to adhere to national guidelines. Off-the-shelf services often share servers which can leave your data more vulnerable than having your own bespoke setup in the cloud. Whatever solution you decide is best, it’s important that the provider understands your requirements such as the volume of data you hold at any given time and how it will be handled.

Capacity and service impact

Bandwidth can also affect which solution is the best fit for you. Generic servers will be sharing bandwidth, meaning that the speed you can operate backups can be affected quite significantly if there are many different companies using the bandwidth at any given time. This can cause slower service, which can often be avoided with a bespoke solution, which can in turn lead to greater overall productivity.

One size doesn’t always fit all

Depending on your company’s requirements, one size doesn’t necessarily fit all. Every business will vary, and off-the-shelf solutions can leave you with slower, less personal service that doesn’t cater to your exact needs as well as a tailored solution could. It’s worth discussing with your IT department or partner what their recommendations would be and how different solutions could fit with what you need.

help4IT are here to help if you need advice, or want to find out more about bespoke IT services. You can give us a call today on 0207 653 9780.

Close Button

Contact Us

  • This field is for validation purposes and should be left unchanged.
Contact Us scroll