Mitigating Supply Chain Cyber Attacks

90% of health organisations around the world were targeted by cyber-attacks in the three months to 30th June, compared with the first three months of 2022, according to Kroll Consultancy.

HM Government recently published its new Cyber Security Strategy, specifically aimed at building a cyber resilient public sector. The Government plans to invest £2.6 billion in cyber and legacy IT and implement a number of key performance indicators to measure progress. The Government recognises that the public sector must overcome known legacy and data issues where IT assets aren’t always catalogued or risk assessed. Where data quality varies and interconnecting supplier systems are used, the likelihood of vulnerabilities increases, according to the National Audit Office.

The 4th of August saw widespread outages across the NHS. The target was Advanced, a supplier that provides software for various parts of the NHS. The cyber-attack affected services including patient referrals, ambulance dispatch, out-of-hours appointments, mental health services and emergency prescriptions.

In 2017, a cyber-attack that affected more than 40 NHS trusts spread to 200,000 computer systems across 150 countries. The “WannaCry” ransomware began affecting NHS trusts on May 12th. It prevented many NHS trusts from accessing patient records, which led to delays in non-urgent surgeries and cancelled patient appointments. The “WannaCry” virus demanded £230 in Bitcoin to unlock each affected computer, with the fee doubling after seven days.

The Ministry of Defence was targeted in March 2021. A cyber-attack on the UK’s Defence Academy caused significant damage: although no sensitive information was stored on the academy’s network, the academy was forced to rebuild it. It is thought that the attack was an attempt to gain access to other parts of the MoD using the academy as a backdoor.

Across the world, in Australia, hackers created a fake news website to harvest data from Australian government officials and journalists. The hackers created fake media websites by scraping legitimate sites, including the BBC news website, so that they appeared to be the real thing. Victims of the phishing attack were invited to write for the news websites, which were riddled with malware that would infect the victim’s computer with a tool called Scanbox, collecting their profile, device and webpages visited. Scanbox is a web reconnaissance and exploitation framework. The attack focused predominantly on people involved in energy production, such as the offshore energy explorations in the South China Sea, wind-turbine manufacture and alternative energy.

NATO is currently investigating the scope of a data breach in which classified military documents linked to a major European weapons manufacturer are being sold online by a hacker group. MBDA Missile Systems has admitted its data was among the stash stolen, but claimed none of the classified files belong to the firm.

4 steps to protecting yourself from Cyber Attacks

The National Cyber Security Centre offers a Supplier Assurance Questionnaire that organisations can utilise to protect themselves and their supply chain.  These self-assessments can support organisations to determine whether they meet security expectations.  Consider surveying your supply chain to understand the risk suppliers may pose to you or your wider supply chain.

Understand the security arrangements of your suppliers and routinely engage with your suppliers to confirm they are actively managing risks to your contract effectively.

PPN 09/15 pointed to steps the Government was actively taking to reduce levels of cyber security risk within its supply chain. In collaboration with Government, the National Cyber Security Centre developed the Cyber Essentials Scheme; the Government believes that implementing and embedding the scheme can significantly reduce an organisation’s vulnerability. Cyber Essentials is an effective, Government-backed scheme that supports organisations, regardless of size, in defending against a whole range of the most common cyber attacks.

Exercise your right to audit or require upward reporting by your suppliers to provide security assurance.

Overall, supply chain security is the responsibility of every organisation within the supply chain.  The supply chain is only truly secure once all organisations carry out effective, co-ordinated security measures to ensure the integrity of the supply chain data.