5 Lessons from the NHS Cyber Siege to Combat Ransomware Threats

The recent ransomware attack on the National Health Service (NHS) is a stark reminder of the disruption and chaos that such a malicious campaign can unleash. This should leave no question that such attacks can have negative consequences for patient care and health.

Malicious actors run their business round-the-clock and cast their nets wide to increase their chances of success, so organizations – regardless of size or industry – must act quickly and stay vigilant. As we are still discovering the full impact of the NHS breach, we also must be aware that in the last 12 months, 55% of organizations surveyed experienced a cyber-attack or related incident, so now’s a good time for organizations to take decisive action and fortify their defenses.

In this blog post, we share five lessons we can learn from the NHS cyberattack as a guide for reshaping or finetuning your blueprint for building a resilient defense against the ransomware scourge.

Boost Your Resilience: 5 Lessons from the NHS Cyberattack

Here are the top five cybersecurity lessons that organizations can consider from the cautionary tale of the NHS attack:

1. Have Visibility of Your IT Infrastructure

Having a thorough understanding of your IT environment is a crucial first step to securing your SaaS infrastructure and determining where your vulnerabilities lie. This includes knowing all the assets, software, and services in use, and how they interact with each other.

Cybercriminals are always on the lookout for weak, penetrable links in the supply chain. In this NHS instance, they breached the IT systems of Synnovis, a third-party supplier that provides pathology services covering blood transfusions and test results for various NHS trusts.

Tools like AvePoint Insights allow organizations to spot vulnerabilities in their IT infrastructure by providing a comprehensive view of their Microsoft 365 environment. It allows organizations to identify who has access to sensitive data, whether they've accessed it, and determine if any external users pose a threat. It also scans and aggregates information on data risks and vulnerabilities by conducting real-time and scheduled scans to identify and analyze files and their content. It also prioritizes issues based on how an organization defines risk to align with relevant regulations and security policies.

2. Implement Timely Security Patches and Updates

Timely security patches can help keep cyberattacks at bay. Implementing timely patches was a lesson the NHS learned from the WannaCry ransomware attack that happened in 2017.

Security updates often contain fixes for known vulnerabilities that cybercriminals exploit to infiltrate systems. By regularly patching systems, organizations can close these security gaps, making it harder for threat actors to gain unauthorized access.

This, in turn, minimizes the likelihood of ransomware attacks, as breaches often take advantage of unpatched vulnerabilities to deliver malicious payloads. That is why maintaining up-to-date systems is a vital proactive step to enhancing your security stance to fight against ransomware attacks.

3. Maximize Cyber Resilience with Isolated, Air-Gapped Backups

At the core of your organization’s defense against ransomware lies a pivotal step: establishing a solid foundation for data resilience.

A comprehensive backup and recovery solution is not just a contingency plan; it’s an essential measure that empowers you to restore your data and systems to their pre-attack state with precision, speed, and integrity.

By implementing a robust backup strategy, you safeguard your organization’s operational continuity. The goal is to minimize downtime to the barest minimum, so you can swiftly and efficiently resume business activities. This proactive approach not only protects your valuable data but also reinforces your organization’s ability to withstand and quickly recover from a ransomware attack.

A comprehensive backup and restore solution like AvePoint Cloud Backup offers coverage for all your critical workloads including Microsoft 365, Salesforce, Google Workspace, Azure, Power Platform, and Dynamics 365, with point-in-time recovery, enabling precise time-based data restoration. This allows you to restore anything important to your business – from Teams chats to Salesforce metadata – to how your environment was exactly before the attack.

Notably, AvePoint Cloud Backup’s ransomware detection feature uses a machine learning-based monitoring to alert you of suspicious activity, which could indicate a ransomware attack or other malicious activities before it inflicts damage. Upon detecting potential threats, it alerts IT administrators or ticketing systems through email, so they can act promptly by consulting the Microsoft 365 Unusual Activities Analysis Report, or activating their response plan if an attack has been confirmed.

4. Create a Business Continuity Plan

Do you know what to do exactly when a ransomware attack strikes? Developing a business continuity plan is an essential part of building your resilience against cyberattacks. It serves as a helpful guide for anticipating, responding to, and recovering from disruptions effectively. This proactive measure includes concrete steps to minimize downtime, ensure data security, mitigate risks, and enable speedy recovery of critical systems and data in the event of a ransomware attack. Also integral to the plan are guidelines for prompt and timely communication with employees and stakeholders.

Creating this plan requires the involvement of all key stakeholders of an organization as this requires careful deliberation about making difficult decisions like whether to entertain ransom demands. Remember: the odds are skewed against ransom payment as a recovery method. Cybersecurity experts, including the FBI, urge organizations to not cave in to the temptation of paying ransom because doing so does not guarantee full recovery of their data.

5. Train Your Workforce

Educated employees are your first line of defense. It is vital to continuously train your employees on recognizing phishing attempts and social engineering tactics to understand the common attack vectors used in ransomware infection. Cybercriminals employ sophisticated attack techniques so it’s important to be in the know of the latest cybersecurity incidents and to cascade relevant information when needed. In addition, organizations should make it easier for their employees to make informed decisions with technology, which can be achieved by creating sensible policies, rules, and IT controls.

Check out AvePoint’s comprehensive library of resources to help build defenses against ransomware, such as our free eBook titled Ransomware Readiness Checklist. This underscores the importance of proactive and comprehensive cybersecurity strategies to protect against ransomware and other cyber threats.

Take the Proactive Route to Ransomware Defense

The responsibility to safeguard our systems and data against ransomware attacks has never been more critical, especially now that the attack surface continues to expand, and cybercriminals are also enhancing their attack arsenal with more sophisticated techniques.

Preparation is key. Aside from having a full grasp of your infrastructure and implementing timely patches and updates, a well-orchestrated backup and recovery plan is essential to resilience, so you get peace of mind and the assurance that your operations can bounce back, unscathed and stronger than ever, in the face of a ransomware attack.

Want to know more about how third-party backup can accelerate recovery from disruption? Download our latest NHS whitepaper and podcast episode, From Crisis to Continuity, here.