Any system can get hacked but ...
Jason McGee
CEO at Jascom Ltd - Web Designer, Digital Consultant, Project Manager and Tourism Consultant.
Any system can get hacked ... but it costs money to prevent it.
The recent ransomware hack on the HSE in Ireland has brought computer security into sharp focus all of a sudden. For many businesses Cybersecurity has been seen as an irritating side show - affecting "big companies" and not your average SME. Now that the "you-know-what" has hit the fan - this massive breach affecting over HSE 80,000 devices and over 2000 connected systems the penny has suddenly dropped for every company in Ireland that Cyber Security is now a major issue for continuing to do business.
Back in 1999 I was working for Diageo and they decided to implement a massive IT upgrade which encompassed consolidating hundreds of custom I.T. systems for Payroll, Logistics, QA etc all into SAP (large ERP system). At the same time they were testing and preparing for Y2k (remember that?) and also rolling out Windows NT across 10,000 desktops Globally. As a young lad not long out of college my head was spinning at the size of this upgrade and the cost was in the hundreds of millions and that was back when hundreds of millions was a lot of money. What I didn't appreciate then but I know now was this was an investment by Diageo in the short and long term benefits of IT systems both for security, transparency and ultimately to save costs. They were one of the first companies to also roll out No-USB policy when Cloud Storage was only in its infancy and Virtual Terminals were like super secure smartphones to replace desktops. Essentially they locked down everything they could, monitored everything, centralised everything into SAP an future upgraded their hardware every two years.
Fast forward to 2021 and people are now starting to ask why was the same approach not adopted by the HSE. Its probably too simple an answer to say "Money" as its not alone the cost but the vision and authority to push for a programme of that scale all across Government. Other countries have done it but in Ireland we have yet to realise that Digital is at the core of Societal Change. I could go on a thread on that but that is for another day.
As details of patient data start to get leaked online from today I expect the Government is now scrambling to contain this mess like cleaner with a leaky bucket. I am not sure the enormity of what has happened has really hit people yet so I will outline it for you :-
Devices - Up to 80,000 devices will have to be scanned, cleaned or possibly rebuilt using a an operating system (Windows 7) released in 2009.
System/ Servers - The HSE has over 2000 systems to manage all across Payroll, HR, Logistics, Quality, Patient Records, etc many of which are directly connect to medical equipment. Plus GB's of files of patient data, meeting minutes, contracts.
The size of restoration tasks is enormous. I have helped some clients with ransomware attacks and systems upgrades and I can tell you from experience this will be the biggest challenge ever faced by the State. It will cost in the hundreds of millions, will take many many teams of resources and will probably take months (not weeks) to restore to point where we were before 13th May 2021. And then what ?
The future investment in Cyber Security will now have to be a priority. It will have to set at a Ministerial Level at Cabinet with a budget that will have to redirected from Roads, Wages, Health itself ... and people wont like it. But given the reliance Irish people now have on IT systems there is no alternative. What if the next system to be hacked is our power or water or worse still - our broadband - then you will really see an unhappy public!
Cyber security affects us all but our Government needs to lead the way now and into the Digital Future.
Group IT Manager
3 年Great post, investing in people's skills will be every bit as important too.