In the UK we have recently seen lots of headlines about cyber security and incidents at various NHS organisations, which have had varying impacts on day to day operations. Some of this information has been accurate, but a great deal of it has not – often because it takes time for the full facts of an incident to become known. This is causing added pressure to organisations, beyond the ongoing scrutiny they are already under.
Whilst these incidents are generally unhelpful, they have at least raised awareness and highlighted the importance of cyber security right up to board level, which is a positive thing.
Board members could be forgiven for thinking that a substantial investment is needed in order to provide better protection against today’s cyber threats, particularly as the effects of a successful attack are immediate. In actual fact, NHS organisations should initially make sure that they are following the best practice advised by their security vendors. (I recently gave five tips for securing NHS organisations.)
Once best practice is in place, you can begin to build in additional layers of security to provide defence in depth via next-generation functionality and further enhance protection. These include anti-exploit and anti-ransomware protection, Read more