Interviewee: Jonathan Lee, UK Healthcare Sector Manager, Sophos.
Interviewer: Tom Russell-Mesenge, Programme Manager, UK Health Show
Sophos are a UK-headquartered, global IT company that provide a range of cyber security solutions.
TR: What makes healthcare specifically a field that is vulnerable to cyber attacks?
JL: NHS Digital writes on its website, “patient safety and care are enabled by strong data and cyber security.” This is something that Sophos has been working on in partnership with the NHS for over thirty years. The NHS is not one entity but a plethora of different organisations, each with its specific requirements and priorities. Sophos’ in-depth knowledge of the NHS helps us meet Trusts’ changing security needs. The ease-of-use and simplicity of our products result in significant savings in terms of support and administration and means you are better protected.
TR: What kind of infrastructure is required to establish and maintain a cyber-safe environment across Primary, Secondary and Community care? What do you view as being the top three challenges for the NHS in the next five years?
JL: Over the past couple of years, we have seen lots of headlines about cyber security and incidents at various NHS organisations, which have had varying impacts on day-to-day operations. Some of this information has been accurate, but a great deal of it has not – often because it takes time for the full facts of an incident to become known. This is causing added pressure to organisations, beyond the ongoing scrutiny they are already under.
Whilst these incidents are generally unhelpful, they have at least raised awareness and highlighted the importance of cyber security right up to board level, which is a positive thing.
Board members could be forgiven for thinking that a substantial investment is needed in order to provide better protection against today’s cyber threats, particularly as the effects of a successful attack are immediate. In actual fact, NHS organisations should initially make sure that they are following the best practice advised by their security vendors.
Once best practice is in place, you can begin to build in additional layers of security to provide defence in depth via next-generation functionality and further enhance protection. These include anti-exploit and anti-ransomware protection, such as Sophos Intercept X at the endpoint and sandboxing such as Sophos Sandstorm at the gateway.
The problem is that whilst there’s a lot that can be done technically, NHS organisations often lack sufficient staff to carry out this work. In an investment bank, there will be large-scale security teams looking after the tools that keep confidential data secure, whereas NHS resources are spread across a variety of different tasks. This means that systems need to be simple to implement and manage, and they need to be able to work systematically to automate the tasks as much as possible, not just pumping information into a SIEM (security information and event management).
In addition, NHS organisations must start to look at security across all areas of the network rather than staff just focusing on their own silos as today’s prevalent threats seek to access the network through multiple entry points.
Sophos Central enables organisations to monitor security across the whole organisation and allows those responsible to manage Sophos’ award-winning synchronized security solutions. Advanced attacks are more coordinated than ever before and synchronized security means that your defences must be too. Sophos’ Security Heartbeat ensures your endpoint protection and firewall are talking to each other. It’s a simple yet effective idea that means you get better protection against advanced threats and spend less time responding to incidents. What’s more, the process is automated.
Following best practice and adding extra layers to increase your defences means that your board will sleep easier at night and you will have greater visibility into the health of your estate.
TR: Are these challenges systemic or can they be tackled with adequate resource and strategy?
JL: Strategy is important for remaining well protected. Here are our top five tips to put your organisation in a better position to remain protected and quickly react to any attack it faces:
1. To fully understand your cyber threat and risk exposure, you should carry out a rigorous security review to identify risks, understand vulnerabilities and assess the impact of a cyber-attack. Only then can you create an integrated cyber security plan that incorporates technical, human and physical defences to deliver effective protection without deterring productivity.
2. Many security breaches can be prevented by ensuring existing cyber defences are deployed at full strength. Too often NHS organisations invest in cyber security solutions but fail to deploy them fully – significantly reducing their effectiveness and increasing the likelihood of a successful, but preventable, breach. To ensure you are getting the maximum level of protection from your existing security solutions we encourage all NHS organisations to follow the best practice guidance offered by your trusted security partners and vendors.
3. Work on the assumption that an attack will happen and ensure you have a tried and tested incident response plan that can be implemented immediately to reduce the impact of the attack.
4. It’s almost impossible to protect all your data all of the time, so identify the information you keep that would harm your organisation if it were stolen or unlawfully accessed and implement suitable data security procedures to ensure it is appropriately protected.
5. Too many cyber breaches are caused by the inadvertent actions of users. Therefore, it is vitally important that users are educated about the cyber risks they face and the safeguards in place to protect them. They should also understand their individual cyber security responsibilities, be aware of the consequences of negligent or malicious actions and work with other stakeholders to identify ways to work in a safe and secure manner.
TR: Where did your initial interests in health stem from?
JL: I have been working at Sophos for over twenty years and focus specifically on the NHS and healthcare, an area that I have a great interest in both from a work and personal perspective. My personal interest partly stems from members of my family having careers in the NHS.
In this role, I lead our dedicated team and focus on providing first class customer service to clients. My team aims to be a trusted advisor to NHS organisations.
TR: What does Sophos do differently that separates them from the crowd?
JL: NHS organisations typically operate with fewer IT staff who are assigned to cybersecurity work than a corporate organisation of equivalent size. For example, in a banking environment, there will be large-scale security teams looking after the tools that keep confidential data secure, whereas NHS staff time is divided across a variety of different tasks. This means that systems need to be quick, simple, and easy to implement and manage, and they need to be able to work systematically to automate the tasks as much as possible, not just pumping information into logs, which are difficult to investigate and understand.
Complexity is the enemy of security and causes additional risk to an organisation. It is therefore important that security solutions are easy to deploy, configure and maintain on an ongoing basis so that management overheads are kept to a minimum.
This is where Sophos can help. Our solutions are designed to keep cybersecurity simple to manage but also provide customers with the highest possible levels of protection.
TR: Why should delegates visit your session in the Cyber Security Symposium?
JL: In our session we will discuss the following:
- Cybersecurity Fit for the Future – why a multi-layered approach is best for the NHS in the era of Windows 10
- Defence-in-depth strategies to mitigate threats
- Simplicity versus complexity: how to keep it simple and avoid risks
- Protecting servers and clinical systems
Jonathan Lee will be leading a session on why developing a multi-layered approach for cyber security is best for the NHS at the UK Health Show on the 25th September 2018. For more information visit the agenda page at www.ukhealthshow.com/agenda