Corporate governance: Of Cyber attacks, fateful drills and resourceful enemies

5-21-15-Access-Denied1

America has installed Trump as president, the UK has voted itself out of the EU, North Korea is testing nuclear launch capabilities, Elon Musk plans to colonise Mars and the NHS is amongst the latest victims of a large scale cyber attack.

None of this is a routine drill, none of it is imaginary. They are as real as the arctic wind in London, Googles’ search capability and the fall of the Greek empire.

Once immune, I can now feel the tremors from an earthquake in another land, the fear and heat from the bombings in Syria and visualise the power of information in the wrong hands. This is now more than mismanagement, bigger than negligence, worse than ignorance and definitely unacceptable.

But why do I care? Why has this prompted me to vocalise my indignation? Why can’t I simply ascribe this to ‘large- scale governance failure’, indulge in cynical finger waggin’, deliver the final ‘this was coming’ verdict and get away from it all?

Simply because, this time, I can feel the peril. My own vulnerability seems to tango to disconcerting music; flirt with the sorcerer and look me straight in the eye. The issue has now fallen out of the NHS board room, parliamentary debates and lies at my front door. Awaiting action!

I need to address this ….  as a citizen, as a taxpayer and as a fellow human. For who is to say that these attacks won’t be more serious next time and my personal security would not be affected. The size of the problem seems to grow. Friday’s cyber-attack affected more than 200,000 victims in 150 countries, as per Europol chief Rob Wainwright. He also said that another attack may be imminent.

As I look for additional clues, I discover that the weakness in NHS cyber security is a documented matter and was listed as one of the 3 principle risk facing the NHS in the security review, as per Defence Secretary Michael Fallon, in this interview. The report also states Labour leader Jeremy Corbyn, saying that an annual £5.5m deal with Microsoft to protect NHS devices has not been renewed since 2014.

Why has cyber security not been addressed at the NHS? Why has weak infrastructure not been upgraded? Why has this issue been allowed to linger when the threats were well-understood.

As per reports, 48 NHS trusts reported problems at hospitals in England; while 13 NHS organisations in Scotland were affected. Hospital trusts were repeatedly warned about cyber threats before the attack on computer systems on Friday, Defence Secretary Michael Fallon has said. He told said that the NHS was given “a large chunk” of money to improve its security.

Labour leader Jeremy Corbyn said on Saturday that an annual £5.5m deal with Microsoft to protect NHS devices had been renewed in 2014 but not since.

Surely, issues abound and need to be addressed. Our voices need to be heard, because we are at risk when institutions such as the NHS are taken down. We need to ask more questions, demand an explanation and expect a resolution. Corporate governance needs a prod here.

Isolation is now a myth. We are all now connected, for better or for worse and need to bear the consequences for a breach, such as this.

And the proof of the pudding lies in the fact the saviour was a fellow blogger, plugged into the world wide web while on holiday. He chanced upon the ‘disarm’ button on the malware and saved the day.

© Anu Maakan 2017

(Disclaimer: all views published here are the personal views of the author and do not represent those of any organization).

Advertisements