Health+Care focuses on the delivery of cultural, service, system and digital transformation that secures the future of health and social care systems
In light of the cyber-attack that hit 150 countries last week, Dave Lee, BBC’s North America technology reporter, said: “There are going to be some tough questions for those institutions which didn't do enough to keep their networks secure, as well as the organizations that were best placed to stop it happening in the first place - the NSA and Microsoft.”
The attack, spread by WannaCry to computers around the world, takes advantage of a vulnerability in Microsoft Windows. The software tools used to create the attack were revealed to be among the collection of NSA spy tools stolen in April. Although Microsoft released a security patch for these vulnerabilities in March, many organisations and institutions chose not to automatically update their systems.
FedEx, Nissan, the United Kingdom's National Health Service, Deutsche Bahn, the Russian Central Bank, Russia’s Interior Ministry, Megafon, and Telefónica were among the victims.
So, do governments have a responsibility to ensure digital data is secure? This is a difficult question to answer, as it could be argued that we all have equal responsibility in terms of protecting ourselves and our digital data.
There's still work to do
Studies have shown that organisations across the world have work to do in terms of improving their network security. Many institutions assume their IT infrastructure is protected, but cyber criminals are constantly developing sophisticated methods of accessing computers and networks, resulting in data loss or manipulation.
This tactic was evidently seen in the latest global attack. WannaCry encrypted computer files and displayed a warning message asking for $300 to $600 worth of bitcoin. Failure to pay, they warned, would leave the data beyond repair unless backup copies were available.
How can this be stopped?
To avoid similar incidents, organizations and companies need to ensure their complete IT infrastructure is protected.
That means they need a comprehensive IT security approach. In addition to virus scanners and firewalls, other measures such as network monitoring, data security software, encoding software, port scanners and content filters need to be part of these systems.
Governments undeniably play a role in ensuring network services adhere to security, safety, and privacy regulations. Governments have access to data that could easily be exposed to the wider public if the information was accessed by the wrong people. They are also responsible for tightly monitoring these guidelines and enforcing regulatory penalties to those scammers who are behind data breaches. But is there more they can do?
Is unified monitoring the solution?
The term unified monitoring has gained popularity in recent years and it is becoming an increasingly popular method of monitoring networks on one integrated platform. In an increasingly digital world, where personal data is more available than ever before, governments need to be providing clear education on network monitoring, as well as network infrastructure, to ensure the privacy and respect of the public. Once they have provided this education, it's then the responsibility of companies and organisations to follow the guidance.