The nature of the threats we face has not changed significantly, but the way in which we now connect to our organisation’s networks remotely could offer opportunities for malicious actors. The range of remote devices makes the potential attack surface greater.

However, the launch of a centrally funded solution, NHS Secure Boundary, can protect NHS organisations from even the most sophisticated of cyber attacks.

One of the favourite methods of attack is the deployment of malware – malicious software. A significant number of cyber attacks still begin with a fake email – a Phishing attempt – that aims to entice a user to click on a link to an illegitimate website or deploy malware from an attachment.

Malware can then cause massive disruption by:

One type of malware commonly seen in cyber-attacks is Ransomware, which encrypts and locks data on devices, preventing access or even exfiltrating or deleting it.  Often there is a demand for a ransom (hence the name) with a promise that the data will be made available once the payment has been made.

It’s therefore crucial to make regular off-site backups of important data, ensuring there are multiple copies and the devices on which backups are stored are not permanently connected to the network. 

Organisations should take preventative action to reduce the likelihood of a successful attack in which human-operated ransomware can be deployed.  In the current climate, there is a significant increase in Remote Desktop Protocol (RDP) connections which allow devices to connect over the internet or a local network. These connections can be used as a target and a way in for attackers if they are exposed to the internet without appropriate security.

Multi-factor authentication should be used wherever possible, and users should be provided with the ability to connect via a Virtual Private Network (VPN) or a DirectAccess connection. Both of these can reduce the risk of a successful RDP attack because they encrypt the connection between staff and business systems which stops sensitive data being intercepted.

The potential impact of a human-operated ransomware attack can be significantly reduced by taking action to prevent attackers laterally moving from one device to another within a network, searching for any vulnerabilities.

Regular credential hygiene should be undertaken, ensuring users follow their organisation’s policies, preventing repeat passwords, introducing multi-factor authentication and ensuring an account lockout policy is in place. Unnecessary communication between endpoints should be reduced where possible as the more communication is allowed between devices, the more risk there is to mitigate.

Additionally, organisations should monitor for brute force attacks by checking excessive failed authentication attempts, ensure patching is up to date, address and remediate vulnerabilities, and secure perimeter connections via network and host-based firewalls, particularly for inbound connections. An access list, which specifies allowed connections based usually on IP addresses, helps to prevent malicious traffic entering the network.

Our Data Security Centre is on constant alert to obtain intelligence on threats and identify and successfully block malicious attempts across the NHS.

NHS Secure Boundary can help you with this. The solution is at the forefront of protecting internet traffic from digital and cloud-based threats, through next generation firewall (NGFW) and web application firewall (WAF) protection.

This enables enhanced monitoring of local gateways – the devices or network nodes that send and receive data packets from the internet – and national visibility and intelligence allowing NHS Digital to correlate security event information on these applications. This gathering of national intelligence enables security risks to be more accurately identified, assessed and prioritised.

The solution now protects all the Health and Social Care Network internet traffic and is onboarding direct internet connections for NHS Trusts and CSUs. To learn more about this solution, please get in touch with the team at [email protected]

It’s important to educate your staff and raise awareness of common cyber threats – they are an important layer in a defence in-depth strategy – having as many layers of defence as possible. There are a range of resources available to support you to do this, including our own 'Keep I.T. Confidential'  campaign materials and the National Cyber Security Centre's cyber training for staff, to name a couple. 

We must continue to evolve and develop to stay one step ahead.  You can find out more about how we can help you further at our cyber and data security website.