Between October 2016 and the end of 2017, the National Cyber Security Centre (NCSC) recorded 34 significant cyber-attacks, so large they needed a cross-government response.

762 further attacks were experienced by single organisations. Those are eye-watering statistics, but, in our increasingly connected workplaces, it’s likely these numbers are only going to grow. At Dacoll, security is always front of our minds, as it should be in every organisation. For a business like ours, that means our provision of IT managed services must also include first-line defence against cyber-attack.

The WannaCry experience

The most disruptive cyber-attack of 2016-2017 was WannaCry, which could feasibly have brought the NHS to its knees. Although an IT managed service provider, Dacoll’s responsibility to its NHS customer base is primarily resource-based and often used to maintain legacy ICT equipment. Given the nature of the incidents, the company soon found itself inextricably involved in getting these customers back on track.

On an ordinary Friday afternoon in May 2017, our service desk received a high priority call from one NHS customer advising of virus attack. Then, another. By just the third call it was evident that something was seriously wrong. Through we were not responsible for the cyber-security of the affected estates, it was clear that no business could stand by and watch in the face of such a critical event. Dacoll’s major incident protocol was invoked. The first meeting brought together key staff from all areas of the business. They met hourly thereafter and throughout the weekend.

Unsure of where the virus had come from, Dacoll’s first action was to check our other customers and ensure that all were secure and protected. Each one was then given full advice on what to do if they suspected an attack. It was vital that Dacoll’s core 24/7/365 Business As Usual Service was unaffected, despite crisis elsewhere. Failovers, patching, reboots; all housekeeping duties were completed with precision to ensure no further exposure.

At the same time, remote support tools immediately carried out vital work at the affected NHS sites. In tandem, engineers were deployed to sites where remote access wasn’t possible. Dedicated teams worked throughout the weekend. By Monday morning, the customers we had stepped in to help through the crisis were back up and running. Our efforts above and beyond our responsibilities were applauded by many, and, though we may not have made the headlines, the incidents certainly did.

Every business must be vigilant

The WannaCry attack was all over the news, and remains the most disruptive attack the UK has experienced in recent years. What it taught us is that every business, no matter how large or small, must make security a top priority at every desk, at every office, and every location. Simply hoping old equipment could “just run another year” has increasing major security risks beyond simple hardware failure that are important to understand. Further, it compels all businesses to judge very carefully when choosing its suppliers. Because, when cyber-attack hits, we’re all in it together.

Provided by