Comment from cyber-expert on NCSC annual review
The National Cyber Security Centre (NCSC) published its annual review this morning, revealing that it has responded to almost 200 cyber security incidents related to the UK’s Covid-19 coronavirus pandemic response during the past eight months, a significant number of them impacting the NHS specifically.
The commentary from cyber expert Nick Emanuel, Senior Director of Product at cybersecurity company Webroot:
“It’s unfortunate that the NHS has been a common target for cybercriminals throughout Covid-19, but it’s also not surprising. The vast attack surface of such a large and diverse organisation is one factor, but the value in their data is another. The sheer size and scope of the healthcare industry, its complex supply chain, and the fact that the public sector uses many contractors and outside parties make it a difficult task to manage and secure.
Although the sector is particularly vulnerable to ransomware, we think the biggest concern here is the use of stolen data as a means to enable further attacks. It is much easier to fool victims with a phishing email once you know details about them and their colleagues.
We expect this to continue next year. As 2021 brings forward the first vaccines to fight Covid-19, cyber criminals will exploit the lack of trusted information and the widespread use of phone-based medical appointments to target businesses and consumers in phishing attacks and BEC (Business Email Compromise) scams. To mitigate future attacks and build cyber resilience, organisations need to ensure that adequate defences are in place. Staff training is essential for defending against phishing attacks, so they know what to look out for. The training materials used also need to be constantly updated to reflect the latest threat trends, and regular simulations should be run to ensure that the training is having the desired effect.”