The Importance of Secure Data Storage
In opinion / By Lydia Cooper / 23 October 2017
What can we Learn from the NHS Ransomware Attack?
What is a Data Breach?
A data breach is an event where confidential, protected or sensitive data has potentially been in the hands of an unauthorised person. In most cases the data is either viewed, stolen or used by the said individual. Data breaches usually involve personal health information (PHI), personally identifiable information (PII), industry secrets or intellectual property.
A data breach isn’t an uncommon occurrence. They happen every day, in a range of different industries and workplaces. In fact, the world recently saw one of the biggest ‘ransomware’ cyberattacks in history. This cyberattack infected 300,000 computers in 150 countries, debilitating the NHS and crippling the international shipper FedEx (many more businesses were also affected). It was thought that the hacking tools used during the attack were developed by the US National Security Agency.
What was the Ransomware Attack and How Did it Happen?
This ransomware attack happened in May 2017, and the malware is known as WanaCrypt0r 2.0, WannaCry and WCry. It was often delivered as an email attachment, with the recipient tricked into opening it, a technique known as phishing. Once the attachment was opened, it released the malware onto their system.
After the malware was released onto the computer, it locked up the files and any other sensitive data, encrypting them so that users were unable to access them. In order to regain access, users were told to pay £262 in Bitcoin. However, there was no guarantee that access would be granted after a Bitcoin payment was made. There were also reports of the ransomware encrypting files and then upping the stakes after a few days, demanding more money and threatening to delete files and sensitive data altogether.
Why was the NHS so badly affected?
The NHS was one of the worst-affected victims of WCry, which found its way in by exploiting the ‘EternalBlue’ vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. The vulnerability meant that various versions of Microsoft Windows mishandled specially crafted packets from remote attackers, allowing them to execute arbitrary code on the targeted computer.
40 NHS trusts were infected by the WannaCry ransomware attack, resulting in them having to postpone operations and procedures. Seven hospitals remained on A&E divert two days later, and ambulances had to take emergency patients elsewhere. The full scale of the attack on the NHS only became apparent four days later, after employees returned to work. NHS colleagues had to write down patients’ details using pen and paper.
What can we learn from the WannaCry Ransomware attack?
According to a study by Computer Weekly, 70% of businesses do not fully understand the risks associated with data breaches. What’s more, the study showed that the majority of incident response plans for data breaches were more reactive than proactive, which arguably increases the risk of a data breach. The reactive response plan put in place by the NHS has shown that industries need to take a prevention rather than cure approach when it comes to data breaches.
How can Businesses Protect Themselves from Data Breaches?
Ensure your computer software is always up-to-date
Since its release in 2001, Windows XP was a perennial favourite, with many industries relying on this operating system for just under two decades. However, Microsoft officially discontinued support for the Windows XP Operating System in 2014. You can see the problem here - with technology advancing and many businesses relying on a dated version of Windows XP, industries like the NHS weren’t eligible for the security updates built for Windows 7 and onwards.
It was this flaw that enabled WannaCry to infect over 300,000 computers in such a short space of time. The Government was criticised for cutting NHS funding, consequently leaving it with out-of-date operating systems. When it comes to budget cuts, the IT budget is the first one to get slashed. Operating system licences aren’t cheap, but when the IT budget shrinks, computers aren’t updated, leaving them vulnerable to an attack and, in turn, to a breach of their private and sensitive data.
Ensure all Sensitive Data is Backed Up
During the WannaCry attack, 33% (2,000 of 6,000) of the NHS’s computers were infected, as well as their central system. Alongside this, it is thought that 70,000 devices, including MRI scanners, theatre equipment and blood storage fridges, were also affected. The data encrypted by the malware was never recovered, putting thousands of patients at risk. Patient records, alongside other integral pieces of information, were lost, and the NHS did not back any of it up.
It could be argued that if they were given funding to back up their sensitive information in a secure data storage cloud, the damage from the attack wouldn’t be anywhere near as extensive. The majority of cloud storage providers apply their own encryption to the data during transit. This means there is an extra barrier protecting the sensitive information from hackers. Businesses also have the option to apply their own encryption to the data placed in cloud storage, leaving them in control of the security of the key. This is one of the most secure ways to back up a business’s data, as you are in charge of the key.
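One way to apply your own encryption before data reaches cloud storage, shown as an added example that is not from the original article or any provider: the backup is encrypted locally with a key file that stays on premises, so the storage provider only ever receives ciphertext. It assumes OpenSSL 1.1.1 or later and tar are installed; the function names and paths are hypothetical.

```shell
# Added example (not from the article). Assumes OpenSSL 1.1.1+ and tar.
# Function names and file paths are hypothetical.

# Generate a random 256-bit key, readable only by its owner.
# The key file stays on premises and is never uploaded with the backup.
make_key() {  # $1 = key file
  ( umask 077 && openssl rand -hex 32 > "$1" )
}

# SHA-256 of a file as bare hex.
file_digest() {  # $1 = file
  openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# Archive a directory and encrypt it before it leaves the machine.
# Only the encrypted file is uploaded. AES-CBC has no built-in integrity
# check, so a digest of the ciphertext is kept locally with the key and
# used to detect a corrupted or tampered copy before restore.
encrypt_backup() {  # $1 = source dir, $2 = key file, $3 = encrypted output, $4 = local digest file
  tar -C "$1" -cf - . |
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$2" -out "$3" || return 1
  file_digest "$3" > "$4"
}

# Check the downloaded copy against the local digest, then decrypt and unpack.
restore_backup() {  # $1 = encrypted file, $2 = key file, $3 = local digest file, $4 = destination dir
  [ "$(file_digest "$1")" = "$(cat "$3")" ] || return 2
  mkdir -p "$4" || return 1
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" | tar -C "$4" -xf -
}
```

Whoever holds the key file can read the backup, and losing it makes the backup unrecoverable, so it needs its own protected copy away from the machines being backed up.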
Take a Preventative Approach
What makes hackers so clever is the fact that they can find their way into the most encrypted software and systems. In order to safeguard your company, you should put a procedure in place outlining exactly how you will deal with the situation. If you have backups ready, it makes it much easier to come up with a plan.