NHS cyber-attack: how ISO 27001 can help mitigate the risk of cyber-crime

Cyber-crime is arguably the greatest threat to businesses and organisations in today’s world.

16th May 2017

Friday’s cyber-attack, which saw 61 NHS organisations compromised, was perhaps the largest-scale example seen to date. Businesses and organisations in 150 countries felt the effects of the ‘WannaCry’ ransomware, which prevents access to computer files until a ransom is paid via Bitcoin digital currency.

With organisations like FedEx and Renault among the victims of the attack, it is evident that no business is safe from the threat of cyber-crime. In a single attack, hackers can target an almost unlimited number of organisations worldwide, infiltrating the IT systems of all those with weaknesses in their security.

While cyber-attacks are often viewed as a unique threat of the digital age, they must be treated in the same way as any potential business crisis – prevention is better than cure. Although full protection against cyber-crime can never be assured, the recent high-profile attacks highlight the importance of a prevention strategy.

A robust Information Security Management System (SMS) should be in place within every organisation to provide protection against cyber-crime. An ISMS is often implemented by an in-house IT department, but the severity of the threat means that external guidance is advisable. As cyber-crime is an international risk, there is an international standard designed to help organisations mitigate this threat through ISMS best practice – ISO 27001.

ISO 27001 is a useful weapon in any business or organisation’s arsenal when fighting cyber-crime. This is because the standard helps organisations:
 

  • Identify risks to information security

  • Establish control measures to manage or reduce risks

  • Implement procedures for the prompt detection of security breaches

  • Recover business operations following an incident.
     

As with all international standards, ISO 27001 puts emphasis on continual improvement, an essential consideration when facing a constantly evolving threat such as cyber-crime. Take preventative action against cyber-crime today by choosing ISO 27001.