Cyber-security is a pestering problem for all organizations using internet or network systems to transact their businesses. Organizations that often overlook the need of updating and keeping their system securities tight often pay the hefty price of losing data in the hands of hackers strewn all over the place. In May 2017, just a few months ago, the world came to a rude shock on realizing that a ransomware dubbed WannaCry or WannaCrypt was bringing down operations in major organizations across Europe, Asia, America, and across other parts of the world. China, UK, U.S.A and Russia made the headlines for being the mostly affected countries by the deadly ransomware (Johnston, 2017). Particularly in the U.K, the NHS was the biggest victim owing to the fact that it is one of the largest institutions in the nation. During this period, NHS could not offer critical services to its ardent clients and the nation at large because of the WannaCrypt attack on the systems. Therefore, in a bid to respond to the question, this paper will discuss the May 2017, attack by WannaCrypt on UK’s NHS.
As mentioned above, WannaCrypt is a dangerous ransomware that encrypts itself on important files in a computer system (Johnston, 2017). The user on the other end cannot decrypt the encrypted files by themselves without paying the ransom the attackers are asking for in advance. On this occasion, WannaCrypt ransonware came with instructions telling the users that some of their files under an attack and that they could on decrypt the encrypted files after paying the ransom (Johnston, 2017). It also came with a timer; the victims had to pay the ransom in bitcoin before the time elapsed, failure to do so, the entire system would crush. This attack crippled the operations in major institutions across Europe. Another major attack was on Telefónica, a major telecommunication company in Spain.
Lack of investment in system security and accountability were the reasons for the attack, sources closer to the organization report. The Chartered Institute for IT argued that the management at NHS did not invest enough resources in cyber-security, which left many loopholes in the system. It was easier for the ransonware to attack the systems following the neglect by the IT department (Johnston, 2017). The organization did not contract or hire qualified accountable cyber-security personnel to keep the system updated and cushioned against any external threats (Gayle et al., 2017). Had the organization secured the system in advance, it would have been impossible if not difficult for the attacker to have the success they had in attacked the database. Many people who talked after the attacked pointed out that WannaCrypt was a wakeup call for the health organization to hire qualified IT professionals to manage the database.
Negligence and poor security policies were at the center of the WannaCrypt attack on NHS database. Every system needs good security systems, which must always be up-to-date with the latest shields and security protocols because virus, ransomware, and other malware software are always evolving (Johnston, 2017). NHS needed failed gravely in network and system management; it was pathetic. When the attack came, the organization had its hands up in surrender because of uninformed workers who could not help but watch the entire database come down crushing. Arguably, NHS needed to invest more in cyber-security and system management (Johnston, 2017). It needed to have highly trained individuals at the help of system management to avoid such misfortunes (Gayle et al., 2017). Preparedness and keeping systems up-to-date are key ingredients of preventing data theft and cyber security threats. NHS had poor network and system security policies, which exposed the database to the attackers.