There is no aspect of Cybercrime more nefarious than seeking to profit from attacking healthcare bodies, in particular those who specialise in children’s wellbeing. Nonetheless, such unpalatable attacks do take place, with the collateral damage of such actions far from the forethought of the mind of those responsible, as perhaps illustrated recently with the ransomware attack that left the NHS reeling this summer. With such precious work as that performed by Children’s Hospice South West (CHSW), a disruption of the scale of a co-ordinated cyber-attack is unthinkable, and consequently, Cyber Security retains paramount importance at CHSW. Matt Argyle, Head of IT and Information Governance Lead at CHSW, spoke to us about how Cyber Security integrates into CHSW’s work and his thoughts on how to ensure Cyber Security remains one step ahead of those that seek to do harm.
While admitting that Cybercrime wasn’t something he anticipated becoming such a large part of his life at the inception of his career in IT over twenty years ago, Matt remains enthused by the nature of his work, commenting that he “still finds Cyber Security fascinating, and challenging, as we try to make the internet and networks into a secure place to do business”. Matt proffered the DLT-based Estonian iD card system as an example of the multitude of interesting developments that the world of technology propounds on a daily basis.
“This is not a work issue. This is a life issue.”
Responding to an increasing trend of ransomware attacks and small scale, intermittent whaling attacks (targeted phishing attacks aimed at high level executives within an organisation), Matt was especially keen to reinforce CHSW’s awareness that complacency should be avoided, with successful defence to be viewed as an imperative, rather than cause for celebration. Alongside the day-to-day patching, monitoring and other countermeasures employed at CHSW, Matt and his team engage actively with the senior management team, as well as heads of department to ensure they are up to date and aware of the latest information regarding likely attack vectors. The most substantial part of Matt’s recent work though, concerns user awareness training – “In 2017 alone, all staff have been through a training session, detailing why Cyber Security is important and how to recognise and prevent Cyber Crime”. Matt reinforces this lesson with his personal mantra, “This is not a work issue. This is a life issue.”
For a charity like CHSW, consistent support and funding are far from assured, and when faced with a threat as pervasive as Cybercrime, co-operation and support are essential. The Information Governance NHS Tool kit is, thankfully, one such method of support, and as Information Governance Lead for CHSW, Matt has found success in using this to bolster information security across the organisation. Offering his opinion on how the toolkit has helped CHSW, Matt stated that not only has it been useful in getting the organisation to consider data security and analyse risk, but it has subsequently led to alterations on “many practices to ensure we take a common approach and fits with organisation risk appetite”.
Alongside leading Information Governance and overseeing processes surrounding the Information Toolkit, Matt’s work plays a central role in the digital transformation process that CHSW, like a number of other bodies, is undergoing at present. Matt was keen therefore to emphasise the need for security to remain of the utmost importance when considering digitalisation. “Security is embedded throughout the project process, which means that we can then consider whether the project will drive efficiency and allows us to focus on our core organisation mission”. However, such a process is perhaps impossible to achieve alone, and Matt also praises the project partners which CHSW have worked with, each bringing excellent breadth of experience on security to their joint-work.
While Matt and his team’s work is crucial in ensuring that CHSW remains secure and protected against the looming cyber threat, without board room support Matt and his team receive, a robust Cyber Security culture is unobtainable. Matt believes a combination of “security champions” in departments and an embedded cyber culture across the board is key to successfully implementing the Cyber Security measures which the modern day technological world demands. However, without support from the top, “it will only ever be enthusiasts battling against culture, rather than being embedded within it”. Concluding by cautioning against such an approach, Matt warned “there are many in IT and Cyber Security, me being one of them, who believe we will see some organisations ceasing to exist due to reputational damage as the result of an attack”, placing effective Cyber Security as central to any organisation’s long term survival. This is especially true given the increasing volume of Cybercrime in today’s world: if a business as philanthropic as a children’s hospice is exposed to the glare of Cybercrime, other organisations must prepare their Cyber Security for a similar, if not higher level of scrutiny.
Matt will speak at the Cyber Security Summit and Expo on “Communicating Cyber Security with the Board – Authentication and Access Rights” at 3:55pm, on Seminar Theatre 2.