WannaCry’s spread and the havoc the ransomware wrought has been laid firmly at the doorstep of legacy systems.
But there is an argument that in the case of the NHS, old software is embedded at the heart of expensive medical systems with long working life expectancy, making patching and updating operating systems and software a much more daunting task than following a digital transformation doctrine.
At Silicon‘s stand in Infosecurity 2017. Simon Edwards, cyber security architect at Trend Micro, explained that cyber security in large organisations such as the NHS, use machine with embedded systems that they cannot patch as the ownership of the computer at the core of a machine lies with the vendor not the user.
“The NHS took a lot of criticism because of unpatched systems and things like that and it’s something we’ve been picking up for the last 12 to 18 months now, which is a lot of these systems they can’t patch,” said Edwards.
“So if you think about it, [hospitals] go an spend a million pounds on an MRI scanner or a blood analysis system and in the middle of this is a computer but obviously the scanner is the important bit, and the hospitals don’t own that PC that’s sitting at the core part of it, the vendors; whoever supplied the MRI scanner.
“And so it falls out of the scope of their [the hospital’s] security policy so they couldn’t patch it and the vendor won’t patch it because the MRI scanner will probably stop working, so what we end up with is a whole bunch of legacy systems that nobody can do anything about,”
Edwards explained that Trend Micro works with organisations to combat this with a virtual patching system, but the scale of legacy systems, notably in the public sector, is a significant challenge to overcome.
For the full interview check out the video above.
There was plenty more going on at the Silicon stand, with interviews with Symantec on IT integration and security, and a chat with Darktrace on IoT insider security threats.
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…