The healthcare sector must have its finger on the pulse when it comes to Cyber Security. The ransomware attack that left the NHS reeling this summer not only exposed significant structural weaknesses in the service’s IT systems, but also the depth to which cybercriminals will sink to meet their goals.
With such precious work as that performed by Children’s Hospice South West (CHSW), a disruption of the scale of a coordinated cyber-attack is unthinkable, and consequently, Cyber Security retains paramount importance at CHSW.
Matt Argyle, Head of IT and Information Governance Lead at CHSW, is speaking at the Cyber Security Summit and Expo on “Communicating Cyber Security with the Board – Authentication and Access Rights” at 3:55pm, on Seminar Theatre 2.
No complacency
Matt is committed to ensuring CHSW’s Cyber Security remains one step ahead of those that seek to do harm. Responding to an increasing trend of ransomware attacks and small scale, intermittent whaling attacks (targeted phishing attacks aimed at high level executives within an organisation), Matt was especially keen to reinforce CHSW’s awareness that complacency should be avoided, with successful defence to be viewed as an imperative, rather than cause for celebration.
Alongside the day-to-day patching, monitoring and other countermeasures employed at CHSW, Matt and his team engage actively with the senior management team, as well as heads of department to ensure they are up to date and aware of the latest information regarding likely attack vectors.
User awareness training
The most substantial part of Matt’s recent work though, concerns user awareness training – “In 2017 alone, all staff have been through a training session, detailing why Cyber Security is important and how to recognise and prevent Cyber Crime”. Matt reinforces this lesson with his personal mantra, “This is not a work issue. This is a life issue.”
For a charity like CHSW, consistent support and funding are far from assured, and when faced with a threat as pervasive as Cybercrime, cooperation and support are essential. The Information Governance NHS Tool kit is, thankfully, one such method of support, and as Information Governance Lead for CHSW, Matt has found success in using this to bolster information security across the organisation.
Offering his opinion on how the toolkit has helped CHSW, Matt stated that not only has it been useful in getting the organisation to consider data security and analyse risk, but it has subsequently led to alterations on “many practices to ensure we take a common approach and fits with organisation risk appetite”.
Alongside leading Information Governance and overseeing processes surrounding the Information Toolkit, Matt’s work plays a central role in the digital transformation process that CHSW, like a number of other bodies, is undergoing at present.
Matt was keen therefore to emphasise the need for security to remain of the utmost importance when considering digitalisation. “Security is embedded throughout the project process, which means that we can then consider whether the project will drive efficiency and allows us to focus on our core organisation mission”.
However, such a process is perhaps impossible to achieve alone, and Matt also praises the project partners which CHSW have worked with, each bringing excellent breadth of experience on security to their joint-work.
Support from the top down
While Matt and his team’s work is crucial in ensuring that CHSW remains secure and protected against the looming cyber threat, without boardroom support Matt and his team receive, a robust Cyber Security culture is unobtainable.
Matt believes a combination of “security champions” in departments and an embedded cyber culture across the board is key to successfully implementing the Cyber Security measures which the modern day technological world demands.
However, without support from the top, “it will only ever be enthusiasts battling against culture, rather than being embedded within it”. Concluding by cautioning against such an approach, Matt warned “there are many in IT and Cyber Security, me being one of them, who believe we will see some organisations ceasing to exist due to reputational damage as the result of an attack”, placing effective Cyber Security as central to any organisation’s long term survival.
This is especially true given the increasing volume of Cybercrime in today’s world: if a business as philanthropic as a children’s hospice is exposed to the glare of Cybercrime, other organisations must prepare their Cyber Security for a similar, if not higher level of scrutiny.
Matt is speaking alongside senior public and private sector figures at the Cyber Security Summit, including Mark Sayers, Deputy Director of Cyber and Government Security at the Cabinet Office, and Chris Ulliott, Chief Information Security Officer at the Royal Bank of Scotland.