Life Since Covid – Why Cyber Security is Critical to the UK’s Health and Care Sector

If we’re to take any comfort out of what has been a truly terrible 2020, it’s in the remarkable work of the NHS. We’re all indebted to the tireless efforts of staff on the front line, and behind the scenes, that make this institution the envy of the world. Yet one day, hopefully soon, the pandemic will recede. When it does, we all want the health service that emerges on the other side to be a more resilient, efficient, digitally advanced organisation. This makes effective cyber security absolutely critical to the future of the UK’s health and care sector.

In a new Socura report, we highlight exactly what people, process and technology challenges the sector is facing today and offer our advice on how they can be overcome. The good news is that major improvements can be made without breaking the bank.

A long way

NHS cyber security has come a long way since the WannaCry attacks of 2017, when a state-backed campaign disrupted the delivery of health and care across the organisation. But the technology and threat landscape has also shifted considerably since then. IT staff shortages due to sickness and self-isolation are a real challenge today. And remote working has surged due to the continued decentralisation of care and COVID-related work-from-home (WFH) orders. Unfortunately, these WFH workers are also more vulnerable to social engineering and attacks targeting remote access infrastructure. Endpoint visibility challenges, security tool sprawl and creaking VPN infrastructure have further increased the pressure on NHS IT bosses.

At the same time, the attack surface of health and care organisations continues to grow due to investments in IoT devices, which can be hard to patch and can run insecure default configurations. Financially motivated cyber-criminals have shown through the crisis that they are more than willing to put lives at risk by attacking hospitals. Increasingly, they’re using APT-style techniques to steal data and deploy ransomware, in the hope of generating bigger pay-offs.

What happens next?

As we outline in the paper, best practices will help to prevent the majority of commodity attacks. Many of these are outlined in the government’s Cyber Essentials Plus scheme and the Data Security and Protection Toolkit (DSPT). They include effective patch management, endpoint anti-malware, end user awareness and training programmes, tight access controls, multi-factor authentication and much more. The NHS Secure Boundary service is also a fantastic development which will help to protect trusts at the perimeter.

However, these measures may not stop the more sophisticated, targeted threats. That means health and care organisations must rebalance their approach from one based around protection to one featuring a greater focus on threat detection and response. Our advice can be summarised in three basic points:

  • Understand what assets your organisation holds via a regularly updated inventory—because you can’t protect what you can’t see.
  • Collect and centralise as much security telemetry from these assets as possible.
  • Invest in services that can analyse this telemetry and spot the anomalous patterns indicative of unauthorised activity. These same services should also be able to remediate and contain any newly discovered threats.

The case for MDR

Managed Detection and Response (MDR) is an increasingly attractive option to help achieve these broad aims, not just for healthcare but for organisations across all sectors. It means you can effectively extend your threat detection and response capability to a team of external experts who work closely with your in-house security staff. Doing so means you can take advantage of the economies of scale a specialist can offer, and the extra insight into the threat landscape they get from servicing multiple customers.

Be sure to look for a provider capable of collecting data from across the entire organisation, including cloud environments. That data should ideally go back a year, for maximum visibility, so your provider needs a cost-effective way to collect and store it. The best MDR services, like those offered by Socura, work as a natural extension of your own team, reacting fast via automation to minimise attacker dwell time and reduce cyber risk.

With a secure foundation built on good practice and MDR, the NHS will have the confidence to forge ahead with digital transformation in the coming years. That’s just what we need to empower staff and deliver the best possible health and care services as we enter the post-pandemic era.

To read the full Socura report, please visit https://socura.co.uk/addressing-nhs-post-pandemic-cyber-security-challenges
