Institute of Risk Management Responds to Global WannaCry Ransomware Attack

The recent ransomware attack on the NHS and over 30,000 companies globally has brought cybercrime to the top of the risk and news agenda.

Patrick Keady, CFIRM, IRM Board member and Chair of the IRM Health and Care Sector Interest Group says:

“The NHS is unusual because it has so few people with the skills to fundamentally understand risk across the enterprise. While the NHS in England employs 1,300,000 workers, it has just 27 partially/fully trained and experienced enterprise risk managers.

At the same time, it is reassuring that most of the NHS organisations affected by WannaDecryptor, say they have plans in place to react to the impact of the malware.

However, we have known for years that increasing amounts of IT software and hardware used in the NHS are simply out-of-date and no longer supported by their manufacturers. NHS bosses really do need to take major steps now, to prevent similar episodes and the accompanying disruption to patient services.”

Patrick Keady undertook some research into current risk registers of the 34 NHS Trusts and Clinical Commissioning Groups reported to have been affected by the cyber-attack.

He undertook a deep-dive of 8,500+ pages of Board papers at the 34 organisations affected. In his view, the 34 NHS Board papers are over-crowded with information – with one set of Board papers exceeding 400 pages.

His main findings from the 34 organisations were that:

  • 10 organisations publish Risk Registers online.
  • 13 publish Board Assurance Frameworks online (this requirement was introduced by New Labour circa 2004).
  • Nine do not publish risk registers or board assurance frameworks online.
  • Two Trust websites were off-line yesterday.

Patrick singled out Mid-Essex Hospital Services NHS Trust, the only Trust to mention Cyber-Security in their Board Assurance Framework (page 20, risk number 949).

He commented:

“Risks in almost all of the 34 organisations affected on Friday, are generally ill-defined and do not relate to the organisations’ strategic objectives. Instead they tend to refer to operational programmes and targets will be achieved or not”.

Nicola Crawford, CFIRM, Chair of the IRM goes on to comment:

“This cyber-attack has affected more than just the health sector and has impacted on companies globally.

A 2016 survey of IRM members showed that cyber risk and the insight into the changing nature of cyber and IT related risks, including data breach, hacking, theft of IP, cyber fraud and commercial sabotage was one of their most pressing concerns.

We live in an increasingly networked world, from personal banking to government infrastructure. Protecting those networks is no longer optional – the internet of things means enterprise wide risk management, including cyber security policy, has never been more important.

Cyber risk is now firmly at the top of the business agenda globally as high-profile breaches raise fears that hack attacks and other security failures could endanger the global economy. Ransomware and data breach can have catastrophic consequences including loss of life”.

Alexander Larsen, CFIRM, President of Baldwin Consulting and IRM expert on cyber said:

“Cyber risk has been a growing threat in the last few years. A recent report claimed that the risk in 2016 was four times higher than in 2015. 2017 was expected to be worse and this recent incident only highlights the frequency and severity of these attacks. The speed at which this virus has affected companies around the world shows the impact these hackers can have. Patients’ records may be at risk of being leaked, operations have had to be rescheduled, ultimately putting lives at risk.

Going forward we can only expect hackers to become more organised and well-funded, which, alongside advances in AI and technology, will lead to more sophistication in their attacks. Some organisations are already spending hundreds of millions of pounds on cyber security, whilst governments are spending billions in order to prevent these attacks, but experts warn that it is impossible to stop these attacks and that organisations should also be focusing on business continuity & recovery whilst also safeguarding their reputation which could be severely damaged if the incident is not managed correctly”.
