NHS cyber-attack: the biggest in history

In the wake of the NHS cyber-attack, Nigel Hawkins, Managing Director EMEA, Everbridge, outlines how organisations can limit the damage of such an attack.

On Friday 12th May, the NHS experienced a national cyber-attack. Hackers attacked the backbone of the NHS, tapping into computers, telephone lines, MRI scanners, blood-storage refrigerators and theatre equipment. Surgeons resorted to using their mobile phones to communicate with one another and critical information such as x-ray imaging was transported to the hospital on CDs.

In the NHS case, the malware tapped into Windows XP.  The NHS is becoming increasingly reliant on machines which are connected to the internet and some reports state 90% of NHS trusts run at least one Windows XP machine.

Firewall renewal dates for PCs will be logged; however, it is easy to forget when a portfolio of internet-enabled devices needs to be updated for security. With the internet of things (IoT) expected to consist of millions of new connected devices in the future, this issue will become more critical.

In the event of an emergency, effective communication is critical. When IT systems go down an organisation needs to be able to communicate with its employees and coordinate an effective response. The longer this process takes, the bigger the impact.

To limit the damage of a cyber-attack, businesses should consider the following questions:

What threats could impact your organisation?

You should understand the type of threat the organisation could experience and the impact it could have.  For example, it could result in loss of services or data. The solution will differ depending on the threat.

Do you have a response plan?

Cyber-attacks often happen out of office hours. An IT incident response plan must be in place to combat an attack even if it happens at 5 am. An efficient response plan will include methods of communication for specific stakeholders.

Who needs to be included in an IT incident response plan?

  • IT Security is likely to fix the issue. If an organisation does not have a dedicated security team, employees must be assigned to deal with a security crisis when it occurs.
  • Incident Team: who is going to coordinate the response? Who should be contacted following a breach and how are you going to reach them? Define an escalation point.
  • Legal counsel: if, for example, customer credit card details are stolen, legal support may be necessary.

A successful cyber-attack can affect multiple communication methods:

  • If your phone and voice mail system is VOIP-based, you may lose your company phone system.
  • If your company website is hosted in-house, it may go down.
  • If the core network is compromised, every computer becomes a standalone machine with no access to company records. Human resource information, employee contact information, vendor lists, or other key phone lists may be inaccessible.

With multiple resources affected, how will you communicate? A critical communication platform can be used for the following:

  • Employee information: pushing information to employees about the company status and messaging.
  • Conference bridges: using toll-free conference bridges for employee, vendor, senior management and other key stakeholder phone calls.
  • Stakeholder groups: using pre-defined groups that have been created for key stakeholders to push information via phone, text or email.

Multi-modal, two-way communication

Central to the success of critical communications platforms are two key functions.  The first is the capability to deliver messages using a variety of different methods – this is known as multi-modal communications.  No communications channel can ever be 100% reliable 100% of the time, so multi-modality transforms the speed at which people receive the message.  Multi-modality facilitates communication via multiple communication devices and contact paths including email, SMS, VoIP calls, social media alerts and mobile app notifications, amongst many others.

Multi-modality ensures that it is easier to receive a message. Two-way communication makes it simpler to confirm a response. For instance, if a cyber-attack compromises an e-retailer's website, every second costs the business money. An IT engineer must be located and available to help as fast as possible. Two-way communication enables the business to send an alert to the IT team, giving them the option to reply with “available and onsite”, “available and offsite” or “not available”.

The time and effect of cyber-attacks may be extremely difficult to decipher; however, the ability to respond and limit damage can be significantly improved by implementing a coordinated communications strategy. In today’s connected environment, cyber-attacks are an inevitable threat. Businesses should move away from a sole focus on prevention and consider their ability to respond and limit damage post attack.

Nick Hawkins

Managing Director EMEA

Everbridge

https://www.everbridge.com/

https://twitter.com/everbridge_emea
