I’m not going to lie it’s been quite a weekend. It all started just before 3pm on Friday when Conor, one of our newest members of staff, noticed a tweet saying the NHS had suffered a major cybersecurity attack. That’s when our Eskenzi rapid response service ended up on steroids!
We sent out a media alert informing the press that we had various cybersecurity experts on standby to answer any questions they may have and help explain what was happening. Our switchboard lit up and every major news organisation was onto us! Reuters, PA, Sky News, BBC WorldService, Talk Radio, Aljazeera, News Week, ITN, The Times, The Telegraph, The Mirror, The Sun – even GQ magazine (now that made me giggle as they’re a trendy men’s lifestyle magazine with lots of buff men with muscles!)
I’m proud to say that our clients who have many of the world’s most experienced and knowledgeable cybersecurity experts jumped into action to offer their advice and expertise – together with the Eskenzi team, everyone worked throughout the weekend responding to requests from the press, answering a myriad of searching questions – that clearly the NHS were unavailable to answer.
In fact, it was our clients the press turned to for informed commentary when it would have been better if the NHS had fielded a spokesperson to interview who had insight to offer and intelligence to share – but sadly this didn’t happen! This is why organisations need to have contingency and crisis plans in place that are specifically to respond to a cyber-attack as, sadly, the likelihood is that these occurrences are going to become more and more frequent. The CISOs or head of Information security in major organisations need to be media trained as these are the guys we want in-front of the camera, on the radio and quoted in the press! We want assurances from the people that know, not ill-informed, ignorant civil servants or ministers who in the NHS’ case hadn’t the faintest idea what they were talking about.
The corollary of this weekend’s event is really in my mind to celebrate the brilliant men and women in cybersecurity who work tirelessly everyday to avert more frequent disasters such as the one we saw this weekend. When I speak to them regularly, they always inform me of how susceptible we are to legacy systems that are so old they are disasters waiting to happen. I know that behind the scenes it’s these guys that are stopping disasters happening more frequently. A bit like the counter-terrorism special unit, who we never hear or see from because they too are regularly gathering intelligence to avert disasters.
We need to attract more people into our industry and fill the skills gap. It’s suddenly become a lot more exciting and events like this, I hope, will make it alluring to students wondering what career to pursue.
Gartner predicts that by 2020 we will have 13.5 billion connected devices, so can you only imagine what will happen when these don’t have security built into them – it doesn’t matter how many fantastic security folks we have working to identify the malware and breaches the manufacturers need to take responsibility for security.
The sterling job that our cybersecurity industry display day after day and how a security researcher who goes under the name of MalwareTech together with Darien Huss from Proofpoint who worked through the night to kill WannaCry, reminds me why we decided to run the Security Serious Unsung Heroes.
If you know of anyone who should be nominated as a Security Serious Unsung Hero please do nominate them here.
Apart from chasing the story this week, I’m sure we all have some story of how we were personally effected by the effects of the malware. In my case, my mum was cooking dinner for 16 of us and she caught her finger in the blender and had to go to A&E to get it stitched up, but had to wait so long because the effects of WannaCry, she ended up strapping it up herself with the help of my retired GP brother-in-law and a few steristrips. Saying that my mother, who is a trouper, came back and continued chopping with one hand to finish off dinner. I helped her chop with one of my spare hands, whilst the other was being used to arrange interviews with the press!!! Oh what fun to be a multitasking PR women. At the same time my niece who is working as a junior Doctor in orthopaedic trauma ended up having to run around the hospital chasing down the oldest computers as they were the only ones still working to print out patient notes and look at X-rays in the old-fashioned way by holding them up to the light which of course they no longer teach at med school.
So this won’t be the first or the last of these kind of breaches – what next, power stations or water supplies?