Redefining CyberSecurity

Building Resilience in Healthcare Cybersecurity Following the Recent NHS Third-Party Ransomware Incident | Expert Insights from InfoSecurity Europe 2024 | On Location Coverage with Sean Martin and Marco Ciappelli

18 min • 7 June 2024

Guests:

Brian Honan, Founder, BH Consulting
On LinkedIn: https://www.linkedin.com/in/brianhonan/
On X: https://x.com/BrianHonan

Suk Paul, Director - EMEA Services GTM, Kudelski Security
On LinkedIn: https://www.linkedin.com/in/suk-paul-mba-99757412/

Heather Lowrie, Chief Information Security Officer (CISO), The University of Manchester
On LinkedIn: https://www.linkedin.com/in/heather-lowrie/
On X: https://x.com/HeatherELowrie

Tim Grieveson, Senior Vice President - Global Cyber Risk Advisor, Bitsight
On LinkedIn: https://www.linkedin.com/in/timgrieveson/
On X: https://x.com/timgrieveson

Daniel Lattimer, Area Vice President - EMEA West, Semperis
On LinkedIn: https://www.linkedin.com/in/daniel-lattimer-37533016/

____________________________

Hosts: 

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

WATCH THE VIDEO: https://youtu.be/3VQ5VsD-DKQ

In recent news, the NHS has been severely impacted by a ransomware cyber attack. This once again highlights the vulnerability of critical infrastructure to cyber threats. In this episode of ITSPmagazine, Marco Ciappelli and Sean Martin dive into this alarming incident while at the InfoSecurity Europe event in London, engaging with a panel of esteemed professionals in the field of information security.

One of the significant themes that emerged from the conversation is that cybercrime is no longer the domain of rogue teenage hackers working from their basements. As Brian Honan emphasized, cybercriminals today are often part of organized crime syndicates involved in drug trafficking, arms dealing, and human trafficking. They are driven by financial gain and are willing to go to great lengths to achieve their goals.

This particular incident affected NHS pathology services, causing surgeries and blood transfusions to be canceled or postponed, directly impacting patient care. Suk Paul pointed out that this kind of attack is not isolated. Since the conflict in 2022, the UK has witnessed a rise in cyber-attacks on public infrastructure, including hospitals and universities. He stated that the human intelligence element is crucial in identifying the techniques and methods used in such attacks.

The conversation also shed light on the complexity of managing third-party supply chain risk. Heather Lowrie suggested considering cybersecurity as a business enabler and not just a technical issue. She stressed the need for robust communication and collaboration between internal teams, external partners, and even at the board level to create a resilient cybersecurity posture.

To this end, Tim Grieveson echoed the importance of having a security leader with excellent communication skills who can align security strategies with business outcomes. This alignment is particularly essential in critical sectors like healthcare, where the focus is on maintaining patient-centric care.

Furthermore, Daniel Lattimer highlighted the challenges faced by the NHS in funding cybersecurity measures. He mentioned that while the NHS has made strides in improving its cybersecurity capabilities, there is still a dilemma of prioritizing between lifesaving patient care and investing in cybersecurity. More specific guidance and a legislative approach similar to US standards could help in achieving minimum security standards.

Brian Honan described the importance of legislative measures like the EU's Digital Operational Resilience Act (DORA) and the Network and Information Security Directive (NIS2), which focus on resilience in critical infrastructure. The key is not just to prevent cyber-attacks but to ensure continuity of services during and after an attack.

During the discussion, a repeated point was the inevitability of cyber incidents and the need for preparation and response. Tim Grieveson stressed the necessity of identifying critical assets and vulnerabilities, communicating risks to the board, and developing a clear response plan. He pointed out that it is not just about the technical aspects but also about storytelling and helping the organization understand the real-world implications of cyber risks.

The significance of cross-sector collaboration was also highlighted. Heather Lowrie noted that cyber threats are a societal challenge, not limited to individual organizations or sectors. Therefore, collective preparation and response are crucial for building resilience against cyber threats. She called for more exercises within and across sectors to prepare teams for real-world events.

Lastly, the episode discussed the ethical dilemma of paying ransoms. Brian Honan strongly advocated against paying the ransom, citing the lack of guarantee that systems would be restored securely and the need to rebuild trust in affected devices. Instead, the focus should be on robust preparation and managing supply chain security.

In conclusion, this episode underscored the pervasive threat of cyber-attacks on critical infrastructure and the multifaceted approach needed to tackle these challenges. From enhancing third-party risk management to legislative support, cross-sector collaboration, and ethical considerations, the conversation provides a comprehensive overview of the current state of cybersecurity in the healthcare sector. It highlights the urgent need for continuous improvement and resilience to protect not only systems but ultimately, patients' lives.

Top Questions Addressed

  • How can the impact of the ransomware attack on the NHS best be described?
  • How can organizations better manage third-party supply chain risk in cybersecurity?
  • What are the ethical considerations and implications of paying ransom in cyberattacks?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr

Be sure to share and subscribe!

____________________________

Resources

Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
