We can stop these online attackers.
The NHS has, over the last weekend, been subject to a large-scale ransomware attack, where somebody, somewhere introduced malicious code that propagated through their networks, infecting vulnerable hosts and encrypting data as it went along on its merry way. This isn't new, clever or sophisticated and the blame has to lie at the feet of the organisations; not the government of today, yesterday or tomorrow.
As somebody who has been delivering the same message of patching, passwords and policy for almost a decade, the events of the weekend did not surprise me in the slightest. These are not new issues or cutting-edge 0-day attacks; they are the very basics of cyber security.
Of course the NHS and its IT is important, but let's not detract from the fact that the issues the NHS has in terms of its cyber security posture are, in reality, no different to those of many other 'important' organisations in both the private and public sector. If we put our cards on the table and are honest, not applying critical patches and not removing outdated operating systems in a timely manner is not only not acceptable in 2017 (the MS17-010 patch was released mid-March) but goes against one of the very core principles of cyber security, so this was bound to happen. It is worth noting that the automatic application of patches is an issue that's been resolved and the neglect of patching has now come to light.
Let's learn from what's happened this weekend and do better. We have the tools, we have the knowledge and the know-how to bring these together to make these rudimentary issues redundant.
Ed Williams, Llandeilo