Ransomware keeping cops, NHS and local UK gov bods awake at night

Biggest threat next year, Met Police cybercrime boss says

Cybersecurity bods at the Met Police, NHS and the Local Government Association in the UK believe ransomware will be one of the biggest threats facing the British public sector next year.

Speaking at the Cyber Security in Healthcare event at the UK Health Show in London, the public sector heads discussed the predicted cybersecurity threats to health and care services in 2018 and how are they evolving.

DCI Gary Miles, from the SC07 Organised Crime Command at the Metropolitan Police, who is responsible for complex fraud and cybercrime, said: "Three years ago [the main threat] was the inception of DDoS attacks or the criminal damage of computers; two years ago it was data breaches like TalkTalk, this year its been the use of ransomware attacks on individuals and corporate systems. Next year it will be more of the same."

The Met has 300 officers looking at this specific issue, said Miles. Just under 50 per cent of all crime committed has an online element, according to the Office for National Statistics.

Dan Taylor, head of security for NHS Digital, said he "totally agreed". However, he added that healthcare has not been specifically targeted, although it has "often fallen victim" as it was with WannaCrypt. "We need to make sure [good security practice] is everyone's responsibility," he said.

Earlier this year it emerged that NHS Digital stopped short of advising health organisations in England not to cough up for the WannaCrypt ransomware attack because it couldn't be certain that all hospitals had backed up patient records.

However, Taylor said paying the ransom generally "exacerbates the issue", which is why NHS Digital now advises against it.

More than $140,000 (£105,000) in Bitcoin has been paid out by victims of the global WannaCrypt ransomware outbreak from May.

Sarah Pickup, deputy chief executive of the Local Government Association, outlined the Internet of Things as one potential area of future threats.

But when asked about what keeps her up at night, she said she was more concerned that being too risk averse about data protection would stop organisations doing what they needed.

Miles said: "What worries me is we don't know what the next thing will be. We are playing catch-up as the digital [world] has gone at a steep curve."

Ransomware attacks are becoming increasingly prevalent, with security consultant Trend Micro naming it as the biggest threat to companies this year.

Joseph Bonavolonta, an assistant special agent with the FBI, has previously said firms that fall victim to infection from file-encrypting ransomware should simply pay the ransom. ®


Biting the hand that feeds IT © 1998–2017