
The recent ransomware attack on the NHS and over 30,000 companies globally has brought cybercrime to the top of the risk and news agenda.

Patrick Keady, CFIRM, IRM Board member and Chair of the IRM Health and Care Sector Interest Group says:

“The NHS is unusual because it has so few people with the skills to fundamentally understand risk across the enterprise. While the NHS in England employs 1,300,000 workers, it has just 27 partially/fully trained and experienced enterprise risk managers.

At the same time, it is reassuring that most of the NHS organisations affected by WannaDecryptor, say they have plans in place to react to the impact of the malware.

However, we have known for years that increasing amounts of IT software and hardware used in the NHS are simply out-of-date and no longer supported by their manufacturers. NHS bosses really do need to take major steps now, to prevent similar episodes and the accompanying disruption to patient services.”

Patrick Keady undertook some research into current risk registers of the 34 NHS Trusts and Clinical Commissioning Groups reported to have been affected by the cyber-attack.

He undertook a deep-dive of 8,500+ pages of Board papers at the 34 organisations affected. In his view, the 34 NHS Board papers are over-crowded with information – with one set of Board papers exceeding 400 pages.

His main findings from the 34 organisations were that:

  • 10 organisations publish Risk Registers online.
  • 13 publish Board Assurance Frameworks online (this requirement was introduced by New Labour circa 2004).
  • Nine do not publish risk registers or board assurance frameworks online.
  • Two Trust websites were off-line yesterday.

Patrick singled out Mid-Essex Hospital Services NHS Trust, the only Trust to mention Cyber-Security in their Board Assurance Framework (page 20, risk number 949).

He commented:

“Risks in almost all of the 34 organisations affected on Friday are generally ill-defined and do not relate to the organisations’ strategic objectives. Instead they tend to refer to operational programmes and whether targets will be achieved or not”.

Nicola Crawford, CFIRM, Chair of the IRM goes on to comment:

“This cyber-attack has affected more than just the health sector and has impacted on companies globally.

A 2016 survey of IRM members showed that cyber risk and the insight into the changing nature of cyber and IT related risks, including data breach, hacking, theft of IP, cyber fraud and commercial sabotage was one of their most pressing concerns.

We live in an increasingly networked world, from personal banking to government infrastructure. Protecting those networks is no longer optional – the internet of things means enterprise wide risk management, including cyber security policy, has never been more important.

Cyber risk is now firmly at the top of the business agenda globally as high-profile breaches raise fears that hack attacks and other security failures could endanger the global economy. Ransomware and data breach can have catastrophic consequences including loss of life”.

Alexander Larsen, CFIRM, President of Baldwin Consulting and IRM expert on cyber said:

“Cyber risk has been a growing threat in the last few years. A recent report claimed that the risk in 2016 was four times higher than in 2015. 2017 was expected to be worse and this recent incident only highlights the frequency and severity of these attacks. The speed at which this virus has affected companies around the world shows the impact these hackers can have. Patients’ records may be at risk of being leaked, operations have had to be rescheduled, ultimately putting lives at risk.

Going forward we can only expect hackers to become more organised and well-funded, which, alongside advances in AI and technology, will lead to more sophistication in their attacks. Some organisations are already spending hundreds of millions of pounds on cyber security, whilst governments are spending billions in order to prevent these attacks, but experts warn that it is impossible to stop these attacks and that organisations should also be focusing on business continuity & recovery whilst also safeguarding their reputation which could be severely damaged if the incident is not managed correctly”.
