A patch, which may have prevented Friday’s (12th May) NHS ransomware attack, was made available to the organisation a month ago, it has emerged. The widespread use of unsupported Windows XP operating systems is thought to have provided an entry-point for hackers to infect computers with ransomware software, effectively paralysing large parts of the NHS.
The attack brings into relief the scale of vulnerabilities which can develop as systems are not kept up to date. World Wide Technology, a global systems integrator, warns that the growing complexity of managing enterprise-level IT will increase the regularity with which software must be patched, even as this attack shows that existing patches are not always being adopted.
Ben Boswell, UK & Ireland Director at World Wide Technology, has advised that the relationship between software providers and organisations should increasingly be governed by a new breed of Enterprise License Agreements (ELAs). These are now being tailored towards fast-moving areas of technology such as security, replacing the product-by-product purchasing model which can so quickly leave companies lagging behind.
Ben highlights that the ELA purchasing model, increasingly now future proofed with updates, allows organisations to guarantee software support and therefore greater resilience in the face of growing cyber threats.
Ben said, “the attack that has been developing over the weekend has highlighted the fact that IT should be at the forefront of operations planning in any large organisation such as the NHS. But the product-by-product approach, where large-scale IT infrastructure is bought on an ad-hoc basis and fully updated sometimes as infrequently as once every decade, leaves organisations incredibly vulnerable to attack.
“By continuing to use software that is unsupported by the manufacturer, organisations effectively put a target on their back for malicious hackers. One way of navigating this is to engage in an Enterprise License Agreement (ELA), a contract between customer and supplier which means that both hardware and software are fully supported on a rolling basis.
“In recent years we have seen how the ELA has evolved in order to better accommodate the changing needs of growing businesses who are increasingly looking for flexibility. Many ELAs now include security, network and other hardware support in the same package as well as being available on a pay-by-usage policy – meaning that firms can accelerate innovation into their IT systems through just one agreement.”