Cyberattack Challenges in Organizational Landscape: A Case for NHS 2017 WannaCry Ransomware Attack

Verified

Added on 2023/06/18

AI Summary

This report analyzes the cyberattack challenges faced by NHS, the system to mitigate various attacks, and the controls available for different types of cyber-attacks. It also explains the impact of these challenges on various organizations. The report provides an understanding of the various challenges that NHS has to face because of the ransomware attack as well as different controls that are available for different types of cyber-attacks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Cyberattack challenges in an
organizational landscape. A
case for NHS 2017 WannaCry
ransomware attack.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Contents
INTRODUCTION.....................................................................................................................................3
Aims and Objectives..................................................................................................................................4
Literature Review......................................................................................................................................5
Different cyber-attack challenges faced by NHS.....................................................................................5
System to mitigate various attacks/ challenges........................................................................................6
Different the controls available for different types of cyber-attacks........................................................7
Methodology and Approach.....................................................................................................................9
Results and Findings...............................................................................................................................13
Analysis and Conclusions........................................................................................................................20
REFERENCES........................................................................................................................................24
Appendix..................................................................................................................................................26

INTRODUCTION
Cyber attacks can be referred to as the strategies that are developed or an attempt that is
made by the hackers to damage or destroy a network of computers or a computer system. It can
maliciously disable the computers or steal data. Cyber-attacks can impact a network of
computers or a single computer in a negative manner (Aquilina and et.al., 2021). This is because
they can cause electrical blackouts, result in theft or sensitive as well as valuable data as well as
paralyze the computer system which can lead to making the data unavailable. Cybercrimes on
the other hand, also referred to as a computer crime can be referred to as using a computer
instrument in order to commit s fraud, stealing identities or violating privacy. One of the primary
effects of cyber-crime is the financial impact and this can include different types of criminal
frauds that are profit driven such as ransomware attacks, internet as well as email fraud as well as
identity fraud. There has been a tremendous increase in the devices, clouds as well as threats to
security in an organization. There are various types of cyber-attacks that organizations can face
such as ransomware attacks, email and internet fraud etc.
Due to this, there are different challenges that companies have to face that can have an
impact on the overall performance of an organization (Bendiab and et.al., 2021). This is also
because there has been an increase in the amount of information available to the organizations
from the different connected devices. A lot of organizations have put in significant amounts of
efforts in order to manage the risks that are posed by cyber-attacks. NHS or National Health
Service is a healthcare organization in the United Kingdom that is publicly funded and it is an
independent body. The organization is responsible for ensuring that there is an effective system
of healthcare services available for the people. The organization was founded in the year 1948
and is headquartered in London, United Kingdom. The respective report explains the various
cyber-attacks that organizations are facing as well as the challenges and issues related to the
same. Apart from this, the report also explains the impact of these challenges on various
organization. Lastly, there is also an explanation about the various controls that are in existence
to the same.
The NHS turned into released in 1948. It turned into born out of a long held perfect that
accurate healthcare must be available to all, no matter wealth – a precept that stays at its center.
With the exception of a few costs inclusive of prescriptions and optical and dental offerings, the

NHS in England stays free at the point of use for anybody who's a UK resident. The NHS is an
thrilling and challenging region to work. In April 2016 the NHS underwent an intensive reform
and re-shape brining new and increasingly complex challenges for NHS leaders and staff. The
NHS employs greater than 1.6million people, putting it within the top 5 of the arena’s largest
body of workers. Finance professionals have a essential position to play in the NHS and we're
currently looking to recruit some of apprentices (Boyle, 2021). The purpose of the scheme is to
attract capability excessive flyers to NHS Finance roles in those regions and to make certain that
there is an good enough pool of fantastically capable, skilled and trained finance experts with the
potential to reach senior and director degrees roles in those regions in the UK. Therefore, it can
be said that these are some of the impacts of the ransomware attack on the respective company,
NHS.
Aims and Objectives
Background of the research
Over the last few years, there is a significant increase in the number of cyber-crimes as
well as cyber-attacks. This has led to making organizations more concerned about the same
(Brett, 2021). The respective report is based on cyberattack challenges that are faced by
organization. National Health Service or NHS was hit by a ransomware attack in the year 2017
and was referred to as the WannaCry outbreak that started affect a lot of NHS facilities in 2017.
The respective report will provide the readers with an understanding about the different
challenges that can affect operations of an organization.
Aim
“To analyze the cyberattack challenges in an organizational landscape. A case for NHS
2017 WannaCry ransomware attack.”
Objectives
 To analyze the different cyber-attack challenges faced by NHS.
 To implement a system to mitigate various attacks/ challenges.
 To identify the controls available for different types of cyber-attacks.
Research Questions

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

 What are the different cyber-attack challenges faced by NHS?
 What is the system to mitigate various attacks/ challenges?
 What are the different the controls available for different types of cyber-attacks?
Expected Research Outcome
The expected research outcome of the respected research is to provide the readers with an
understanding of the various challenges that NHS has to face because of the ransomware attack
as well as different controls that are available for different types of cyber-attacks. Besides this, it
is also expected that the respective research will provide an effective understanding about the
different control measures that are available for the different types of cyber-attacks.
Literature Review
Different cyber-attack challenges faced by NHS
Cyber-attacks can lead to various challenges and can have a drastic impact on the overall
performance of an organization. This is because a cyber-attack can be conducted to obtain useful
information or to steal identity (Calderon and Gao, 2021). The WannaCry ransomware attack
that the respective company NHS faced was not directly targeted at the organization. WannaCry
is one of the most well-known ransomware attacks that affect not only NHS, but also several
other companies. It posed various challenges to the respective company such as the organization
could not access the files across its different facilities. This was a big challenge because being
one of the largest healthcare organizations in the United Kingdom and This was also because
more than 60 NHS trusts were affected by the ransomware attack. One of the other challenges
was that many facilities were not able to access the records of the patients and hence, this led to
delays in of surgeries as well as cancellations of patients’ appointments. There were some
hospitals who had to divert their ambulances to other locations. In all, it can be said that the
ransomware attack posed a lot of challenges for NHS.
The WannaCry ransomware attack had a negative impact on the overall performance of
NHS (Djenna, Harous and Saidouni, 2021). The organization had to face the challenge of a
significant decline in the number of admissions that were made to the hospitals. The ransomware
attack had an impact on a large number of computer networks and this led to huge amounts of
losses for the respective organization. As already mentioned, the patients were not able to book

their appointments at the hospitals. And also, the hospital staff also faced difficulties with
analyzing as well as assessing the records of the patients that were maintained. Besides this,
there was also financial loss that the respective organization, NHS had to face. It can be said that
cyber-attacks can have a direct impact on not only the operations of an organization, but can also
lead to an increase in the overall challenges. And as far as NHS is concerned, the organization
was affected to a great extent by the WannaCry ransomware attack.
The WannaCry ransomware attack also posed various other challenges to NHS such as
there was a leak of a lot of information (Formosa, Wilson and Richards, 2021). An ordinary
cyber insurance policy will guard organizations in opposition to extortion which includes
ransomware assaults. But, alternatively worryingly, maximum corporations outside the U.S.
Nevertheless don’t have cyber cover. Nearly 9 out of 10 cyber coverage rules within the world
are in the U.S. – in component due to greater flair for litigation in the United States and breach
notification laws putting responsibilities on groups. The upcoming European Union General Data
Protection Regulation (GDPR), because of be implemented in May 2018, is probable to increase
cyber coverage penetration in Europe – but EU companies nevertheless lag behind. However,
insurance isn't always a catch-all answer, and it's far crucial for policyholders to apprehend the
limitations in their insurance applications. Many policies have a deductible more than $300, so
the WannaCry ransom charge itself would no longer be blanketed. And even though there are
appropriate insurance offers, it’s important policyholders apprehend how they work.
System to mitigate various attacks/ challenges
There can be different systems that can be used by the hackers in order to mitigate the
various attacks and challenges. Therefore, it is important to mitigate the same and there are
different techniques that can be adopted. The same are explained below –
Crimeware - This consists of all styles of malware designed to automate cybercrime,
with Ransomware being the maximum prominent example (Jabbar, Prasad and Aluvalu, 2021).
For the crook, launching an assault and conserving documents for ransom is incredibly speedy,
of low danger and smooth to capitalize on — specially with cryptocurrency such as Bitcoin that
allows them to anonymously pocket bills. It all starts with constant patching and stressing the
importance of software program updates – that applies no longer best for the cutting-edge anti-
virus patterns, however also for packages and even the working device itself. There are different

macro-enabled MS Office documents and teach users in no way to click on suspicious
hyperlinks. Also, create backups often as a way to redeploy clean pix if wished.
Espionage – Increasingly, state-affiliated actors are entering the scene aiming to gather
intelligence or aid their local economy, for example. Whether it’s a malicious e-mail or other
types of malware that paves the way in, this is usually followed by tactics aimed at blending in,
giving the hacker time to quietly capture the desired digital assets. In order to mitigate the attach
one can conduct regular security awareness training and encourage your teams to report phishy
e-mails (Jimada and et.al., 2021). Make it difficult for the adversary to jump from a rigged
machine to other devices on your network. Apart from leveraging networking security to prevent
unauthorized access in the first place, again close monitoring will help you to discover
suspicious activities. If a person has reasons to believe that there have been attempts or an attack
is underway, get the authorities involved quickly.
Fraud - An emerging tactic consists of suspicious e-mails wherein “the CEO” or any
other senior official suddenly orders wire transfers with an pressing and believable again-story.
While it would sound simple, regrettably it frequently works. The groups must be informed — in
particular in finance — that nobody will request a price via an unauthorized manner. Moreover,
ask IT to mark outside e-mails with an unmistakable stamp.
Botnets - Botnets are the hundreds of thousands of structures infected with malware
below hacker manipulate as a way to carry out DDoS assaults. These bots or zombie structures
are used to carry out attacks towards the goal systems, often overwhelming the goal system’s
bandwidth and processing competencies (Jofre, Navarro-Llobet and et.al., 2021). These DDoS
attacks are hard to trace due to the fact botnets are located in differing geographic locations. A
replay attack occurs while an attacker intercepts and saves antique messages and then attempts to
send them later, impersonating one of the individuals. This kind can be without problems
countered with session timestamps or nonce (a random range or a string that adjustments with
time).
Different the controls available for different types of cyber-attacks
Human beings are nevertheless the weakest hyperlink in any employer’s virtual
protection device. People make errors, overlook things, or fall for fraudulent practices. That’s
where cyber safety cognizance comes in. This includes the method of instructing employees on

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

the exclusive cyber safety dangers and threats available, in addition to potential vulnerable spots.
Employees should analyze the satisfactory practices and tactics for keeping networks and facts
secure and the outcomes of no longer doing so. These consequences might also consist of losing
one’s job, criminal penalties, or even irreparable harm to the employer. By making personnel
aware about the scope of the threats and what’s at stake if security fails, cyber safety
professionals can shore up this capacity vulnerability. First and main, a body of workers well-
educated in cyber security poses less of a chance to the overall protection of an enterprise’s
virtual network.
Fewer risks suggest fewer monetary losses due to cyber-crime. Therefore, a organisation
that allocates budget for cyber security attention education for employees need to experience a
go back on that funding (Kaur and Lashkari, 2021). Furthermore, if all personnel get schooling in
cyber protection practices, there may be less chance of lapses in protection have to someone go
away the organization. In other phrases, you’ll lessen the chances that a protection breach takes
place because a critical worker wasn’t at paintings that day. Finally, a organisation with
protection-conscious personnel could have a higher reputation with consumers, on account that
most are reluctant to do enterprise with an untrustworthy company. A commercial enterprise this
is time and again subject to protection breaches will lose customers as a result of negative
publicity, regardless of the actual effect of any particular breach.
Different cities, states, and international locations have one-of-a-kind policies and
guidelines to follow (Kolokotronis and Shiaeles, 2021). Everyone must end up privy to those
policies due to the fact lack of understanding of the law isn't always an good enough
protection.T’s all or not anything. Anyone now not taking part within the new security measures
constitutes a possible vulnerable hyperlink. If all and sundry isn’t completely engaged, it’s
concerned with not anything. This precise practice additionally assumes that all departments
(e.G., HR, Legal, Security) should buy-in and assist make it a truth. Employees need to be
suspicious of emails from unrecognizable assets. Phishing scams use emails to gain get right of
entry to to structures and wreak havoc. Employees should be knowledgeable on things like
suspicious links, attachments, and untrustworthy sources. There’s no excuse for having the
phrase “password” as your password. They need to be at least eight characters long, with both
higher and lower case letters, numbers, and at the very least one unique man or woman. Avoid

errors along with writing the password on a publish-it word and attaching it to your computer.
This includes the whole thing from physical access on your agency’s IT department to preserving
your business enterprise-issued cell gadgets and laptops locked and within reach at all times. It’s
vital to raise everyone’s consciousness of hazards, which include tries at manipulating
employees into granting system get entry to or divulging private corporation records. This
practice is especially critical for middle and higher control. The better need to be kept inside the
loop, apprised of the current development, and, in uncommon times, document if any individual
or department isn’t compliant.
Methodology and Approach
Research Philosophy – Research philosophy can be defined as the belief regarding how
the research should be conducted, the data should be gathered, analyzed and used. It can be said
that there are two types of research philosophies, interpretivism as well as positivism.
Interpretivism helps the researcher in interpreting the different elements of the study
(Kouloufakos, 2021). On the other hand, positivism is another type of research philosophy that
can help the researcher in completing the research in an effective manner. Positivists accept as
true with society shapes the individual and use quantitative techniques, intepretivists agree with
individuals shape society and use qualitative strategies. Positivist prefer medical quantitative
strategies, whilst Interpretivists opt for humanistic qualitative techniques. Interpretivism, an
approach to social technology that opposes the positivism of herbal technological know-how.
Qualitative research, a method of inquiry in social science and related disciplines.
Research Approach – Research approach can be referred to as the methods as well as
techniques that are used in order to complete the research project in an effective manner.
Research approach is important and guides the researcher to achieve the research goals as well as
objectives. There are different types of research such as inductive as well as deductive approach.
The research approach is a plan and manner that includes the steps of wide assumptions to
unique methods of records collection, analysis, and interpretation (Kristen and et.al., 2021). The
studies technique is essentially divided into categories: the technique of records collection and.
The method of records evaluation or reasoning. Choosing an inductive method thru thematic
evaluation (a records-driven’ method) for the observe determines that the objective of the
examine is to achieve an expertise of a phenomenon. It does not attention on testing the

hypothesis. Thematic evaluation can both realistically gift studies, which means, and the reality
of members. This also can be used to have a look at the results of those reviews, occasions, and
realities running inside society.
Quantitative studies is generally related to the positivist/postpositivist paradigm. It
commonly involves accumulating and converting information into numerical shape in order that
statistical calculations can be made and conclusions drawn.Qualitative studies is the approach
commonly related to the social constructivist paradigm which emphasises the socially
constructed nature of fact. It is set recording, analysing and attempting to find the deeper
meaning and significance of human behaviour and revel in, inclusive of contradictory beliefs,
behaviours and feelings. Researchers are interested in gaining a rich and complex understanding
of people’s revel in and no longer in obtaining information which can be generalized to other
larger corporations.
Research Design and Process – While conducting the research, the researcher has
ensured that the researcher has used the effective research design in an effective manner (Maggio
and et.al., 2021). The studies design refers to the general strategy which you pick to combine the
distinctive components of the look at in a coherent and logical manner, thereby, making sure
you'll efficiently address the research hassle; it constitutes the blueprint for the gathering,
measurement, and analysis of records. The feature of a studies layout is to make certain that the
evidence received allows you to effectively address the studies trouble logically and as
unambiguously as viable. In social sciences studies, acquiring information relevant to the
research hassle normally involves specifying the type of proof needed to test a principle, to
evaluate a program, or to accurately describe and investigate meaning associated with an
observable phenomenon. With this in thoughts, a common mistake made through researchers is
they begin their investigations a ways too early, earlier than they've notion severely about what
facts is needed to deal with the research trouble. Without getting to those design troubles in
advance, the general studies problem will not be correctly addressed and any conclusions drawn
will run the hazard of being susceptible and unconvincing. As a effect, the general validity of the
study may be undermined.
Research Strategy – A Research Strategy is a step-with the aid of-step course of action
that offers path on your mind and efforts, permitting you to behavior research systematically and

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

on time table to produce best effects and specified reporting (Masip-Bruin and et.al., 2021). A
research approach introduces the principle components of a research project such as the research
subject matter region and cognizance, the research perspective, the research design, and the
studies methods (those are mentioned below). It refers to how you recommend to answer the
studies questions set and the way you will implement the methodology. In the first a part of this
path, you started out to discover your research subject matter, to increase your research
announcement and you concept approximately feasible studies query(s). While you would
possibly already have clean research questions or objectives, it is viable that, at this stage, one is
uncertain approximately the maximum suitable approach to enforce in order.
Research Method – This specializes in an in-depth investigation of a unmarried case
(e.G. One employer) or a small range of instances. In case have a look at studies usually, records
is sought from extraordinary resources and thru the use of various styles of records which
include observations, survey, interviews and analysis of files. Data can be qualitative,
quantitative or a combination of each (McIntyre and Frank, 2021). Case look at research lets in a
composite and multifaceted research of the issue or problem. There are exceptional types of
qualitative interviews (e.G. Established, semi-established, unstructured) and this is the most
broadly used method for accumulating facts. Interviews permit get entry to to rich data. They
require vast making plans concerning the development of the structure, decisions approximately
who to interview and the way, whether to behavior man or woman or group interviews, and the
way to record and examine them. Interviewees want a wide variety of competencies, such as
desirable social talents, listening skills and verbal exchange skills. Interviews are also time-
consuming to behavior and they are at risk of problems and biases that need to be minimized at
some stage in the design level.
This is a widely used approach in commercial enterprise research and lets in access to
seriously high numbers of contributors (Meng and et.al., 2021). The availability of on line web
sites enables the huge and cheap distribution of surveys and the organization of the responses.
Although the improvement of questions may also appear clean, to increase a significant
questionnaire that allows the answering of research questions is tough. Questionnaires want to
enchantment to respondents, can not be too lengthy, too intrusive or too difficult to recognize.
They additionally need to measure correctly the problem under research. For these reasons it is

also recommended, whilst feasible, to use questionnaires which are to be had available on the
market and feature already been thoroughly confirmed. This is pretty encouraged for initiatives
which include the only you want to perform for this path. When using questionnaires selections
should be made approximately the size of the pattern and whether and whilst that is
representative of the complete population studied. Surveys can be administered to the whole
populace (census), for example to all personnel of a particular corporation.
The research process will involve different steps that will help the researcher in
completing the study in an effective manner. Action-orientated studies isn't always precisely
action research, even though they are both grounded inside the identical assumptions (e.G. To
supply change). Action studies is a highly complicated technique to investigate, reflection and
alternate which isn't always conceivable in exercise. Furthermore motion researchers need to be
fantastically skilled and it is unlikely that for this particular assignment you may be involved in
movement studies. For those motives this assessment specializes in the much less pure
movement-orientated studies approach (Miadzvetskaya, 2021). If one is inquisitive about
exploring this method and action research similarly. It is feasible with a view to select a
approach that consists of the usage of secondary information. Secondary information is data that
has been accrued via other human beings (e.G. Worker surveys, marketplace studies statistics,
census). Using secondary records to your studies mission wishes to be justified in that it meets
the requirements of the studies questions. The use of secondary statistics has apparent blessings
in terms of saving time and money. However, it's far essential to envision the pleasant of the
records and how it was accrued; as an instance, information accrued with the aid of government
groups would be properly high-quality however it can no longer important meet the wishes of
your challenge.
It is critical to note that there must be consistency between the attitude (subjective or
objective) and the method hired (Okereafor, 2021). This means that the type of approach
followed wishes to be coherent and that its numerous factors want to healthy in with each other,
whether the research is grounded on primary or secondary records.
Sampling – Sampling is an important component of a research study and helps the
researcher in obtaining useful conclusions about the large population. In research phrases a
sample is a group of human beings, objects, or items that are taken from a larger population for

measurement. The sample have to be representative of the populace to ensure that we are able to
generalise the findings from the research pattern to the population as a whole. Probability
sampling is a sampling technique wherein a researcher sets an expansion of some standards and
chooses individuals of a population randomly. All the members have an same opportunity to be
part of the sample with this option parameter. In non-opportunity sampling, the researcher
chooses participants for research at random. This sampling method is not a fixed or predefined
choice process. This makes it tough for all elements of a population to have identical
opportunities to be covered in a pattern. Probability sampling is a sampling technique wherein
researchers choose samples from a bigger population the use of a method primarily based on the
theory of opportunity. This sampling technique considers each member of the population and
paperwork samples based on a set manner (Pâris, 2021). One of the best probability sampling
techniques that enables in saving time and resources, is the Simple Random Sampling technique.
It is a dependable technique of obtaining data where each unmarried member of a population is
chosen randomly, simply with the aid of danger. Each individual has the equal probability of
being selected to be part of a sample.
Results and Findings
Theme 1: Knowledge about cybercrimes and cyber-attacks
Q1. Do you have any knowledge about cybercrimes and cyber-attacks?
a) Yes 20
b) No 10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

a) Yes b) No
0
5
10
15
20
25
20
10
Chart Title
Interpretation – Cybercrimes can be defined as the use of computer to commit any kind
of fraud. From the above graph, it can be stated that out of the 30 respondents, 20 respondents
stated that they had basic knowledge about the concept of different, cyber-crimes that can take
place and have a negative impact on the overall performance of an organization or a business.
The respondents stated that lately, there has been an increase in the number of crimes that take
place on the internet. They also mentioned that they had read about the different cybercrimes in
the news and that this helped them in being aware about the same. On the other hand, the
remaining 10 respondents were of the view point that they were not aware about the concept of
cyber-crimes because they had not read about the same anywhere. Therefore, it can be clearly
stated that the majority of respondents who were asked about their knowledge about the concept
of cyber-crimes.
Theme 2: Different cyber-attack challenges faced by NHS
What are the different cyber-attack challenges faced by NHS?
a) Decline in the number of admissions in the hospitals 15
b) Impact on a large number of computer networks 10
c) Financial losses 5

15
10
5
Chart Title
a) Decline in the number of admissions in the hospitals
b) Impact on a large number of computer networks
c) Financial losses
Interpretation – As already mentioned, NHS was impacted by a ransomware attack
namely, WannaCry in the year 2017. It can be said that it impacted the overall business
operations as well as performance of the respective organization to a great extent. From the
above graph, it can be stated that out of the 30 respondents, 15 respondents had stated that there
was a significant decline in the number of admissions that were made in the different hospitals.
They stated that the reason behind this was that the staff members at the hospitals were unable to
access the records of different patients and hence, this caused difficulties in the process of
admission of new patients. Apart from this, it can also be stated from the above graph that 10 out
of the remaining respondents stated that the cyber-attack has a huge impact on a large number of
computer networks. This is because there were a lot of computers that were connected with each
other and hence the staff members at NHS were unable to login or access to the computers
within the organization. Lastly, it can also be stated that the remaining 5 respondents had stated
that the respective company, NHS had faced a lot of financial losses because of the WannaCry
ransomware attack. Therefore, it can be said that there has been a massive impact on the overall
operations as well as performance because of the respective ransomware attack.
Theme 3: Systems to mitigate various attacks/ challenges
Q3. What are the systems to mitigate various attacks/ challenges?
a) Crimeware 10
b) Espionage 5

c) Fraud 7
d) All of the above 8
a) Crimeware b) Espionage c) Fraud d) All of the above
0
2
4
6
8
10
12
10
5
7
8
Chart Title
Interpretation – There are different systems that can be used to mitigate various cyber -
attacks or cyber-crimes. From the above graph, it can be stated that 10 out of the 30 respondents
stated that crimeware is one of the systems that can be used to mitigate the system. Apart from
this, 5 respondents stated that espionage is another system that can be used. Apart from this, it
can be said that fraud is also one of the other frauds that can be used to mitigate the attacks as
well as cybercrimes. Lastly, the remaining 8 respondents stated that all of the above are the
systems that can be mitigated for the different cyber-attacks.
Theme 4: Controls available for different types of cyber-attacks
Q4. What are the controls available for different types of cyber-attacks?
a) Effective implementation of measures 10
b) Training of employees 10
c) Security of computer networks 10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

a) Effective implementation
of measures b) Training of employees c) Security of computer
networks
0
2
4
6
8
10
12
10 10 10
Chart Title
Interpretation – From the above report, it can be concluded that 10 respondents stated
that effective implementation of measures that can be used for controlling the different cyber-
crimes that can otherwise affect the overall business operations as well as profitability of the
company to a great extent. They also stated that it is important to ensure that the measures are
implemented in an effective manner so that the risks of any kind of cyber-attacks as well as
cyber-crimes can be eliminated. Apart from this, it can also be stated that 10 respondents were of
the view point that the employees should be trained in an effective manner. They stated that the
employees should be trained that so that they can perform in an effective manner. It was found
that the respondents stated that training is important and can help the individuals in the overall
performance of business as well as its overall profitability. It can also be stated that the
remaining 10 respondents stated that security of the computer networks is one of the control
measures that can also be implemented in the same. The respondents stated that security of the
computer networks is important because it can help in enhancing the overall business of the
organization.
Theme 5: Awareness of the WannaCry ransomware attack on NHS
Q5. Are you aware of the WannaCry ransomware attack on NHS?
a) Yes 22
b) No 8

22
8
Chart Title
a) Yes b) No
Interpretation – WannaCry ransomware attack has impacted the overall operations of
the respective organization, NHS to a great extent. From the above report, it can be said that 22
respondents said that they were aware about the ransomware attack. This is because they had
read about the same on a website or in the newspaper. Apart from this, it was found that the
remaining 8 respondents were of the view point that they were not aware about the same. Hence,
this means that the majority of the respondents were aware about the concept and that they had
read about the same.
Theme 6: Different types of cyber-crimes
Q6. In your opinion, what are the different types of cyber-crimes?
a) Identity theft 12
b) Ransomware attack 10
c) Phishing 4
d) Botnets 4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

a) Identity theft b) Ransomware
attack c) Phishing d) Botnets
0
2
4
6
8
10
12
14
12
10
4 4
Chart Title
Interpretation – From the above graph, it can be stated that out of the 30 respondents, 12
respondents were of the view point that identity theft is one of the types of cybercrime that can
affect the overall performance of the firm. Apart from this, out of the remaining respondents, it
can be said that 10 respondents stated that ransomware attack is also one of the cyber-attacks that
can have an impact on the overall business performance as well as profitability. It was also found
that 4 out of the 8 respondents stated that phishing while the remaining respondents stated that
botnets are a type of cybercrime. A botnet is a set of internet-connected gadgets inflamed by
means of malware that allow hackers to control them. Cyber criminals use botnets to instigate
botnet attacks, which include malicious sports such as credentials leaks, unauthorized get right of
entry to, information theft and DDoS attacks. Each person gadget beneath the manipulate of the
bot-herder is called a bot. From one principal factor, the attacking party can command each
computer on its botnet to simultaneously perform a coordinated criminal action. The scale of a
botnet (many constructed from millions of bots) enable the attacker to carry out massive-scale
moves that have been previously not possible with malware. Since botnets stay beneath control
of a far off attacker, infected machines can receive updates and alternate their conduct on the fly.
As a result, bot-herders are often able to lease get entry to segments in their botnet at the black
marketplace for sizable financial benefit.
Theme 7: Implementation of measures to eliminate cyber-crime
Q7. Has your organization implemented measures to eliminate or avoid cyber-crimes?
a) Yes 20

b) No 10
a) Yes b) No
0
5
10
15
20
25
20
10
Chart Title
Interpretation – From the above graph, it can be interpreted that out of the 30
respondents, 20 respondents stated that the organization that they were working for has
implemented effective measures in order to control or eliminate any kind of cyber-attack or
cyber-crime. Apart from this, it can also be stated that 10 respondents stated that their
organization has not implemented effective measures to control cyberattacks.
Analysis and Conclusions
From the above report, it can be concluded that the WannaCry ransomware attack had a
significant impact on NHS. The WannaCry ransomware attack had a terrible impact on the
general overall performance of NHS. The agency had to face the assignment of a widespread
decline in the wide variety of admissions that were made to the hospitals (Ukwandu and et.al.,
2021). The ransomware attack had an impact on a massive variety of pc networks and this
brought about massive quantities of losses for the respective organization. As already referred to,
the patients had been now not able to book their appointments on the hospitals. And also, the
clinic staff additionally faced problems with reading as well as assessing the statistics of the
patients that were maintained. Besides this, there was additionally economic loss that the
respective business enterprise, NHS needed to face. It can be said that cyber-assaults can have an

immediate impact on now not handiest the operations of an company, but can also result in an
growth in the normal demanding situations. And as a long way as NHS is concerned, the
organisation become affected to a extraordinary volume by using the WannaCry ransomware
attack.
The WannaCry ransomware assault also posed diverse other demanding situations to
NHS inclusive of there was a leak of a variety of information. An normal cyber coverage policy
will shield agencies in opposition to extortion which incorporates ransomware attacks. But,
alternatively worryingly, maximum agencies outside the U.S. Nevertheless don’t have cyber
cowl. Nearly nine out of 10 cyber insurance policies in the global are within the U.S. – in issue
due to extra flair for litigation within the United States and breach notification legal guidelines
setting duties on groups (Yadav and et.al., 2021). The upcoming European Union General Data
Protection Regulation (GDPR), because of be applied in May 2018, is probably to growth cyber
insurance penetration in Europe – but EU organizations though lag in the back of. However,
insurance isn't a trap-all answer, and it's far essential for policyholders to apprehend the
limitations of their insurance packages. Many guidelines have a deductible greater than $300, so
the WannaCry ransom rate itself might now not be protected. And despite the fact that there are
appropriate coverage gives, it’s important policyholders apprehend how they paintings.
There can be one-of-a-kind structures that can be utilized by the hackers as a way to
mitigate the diverse assaults and demanding situations (The NHS cyber attack, 2021). This
includes all kinds of malware designed to automate cybercrime, with Ransomware being the
most prominent example. For the crook, launching an assault and retaining documents for
ransom is exceptionally fast, of low chance and easy to capitalize on — in particular with
cryptocurrency which include Bitcoin that allows them to anonymously pocket bills.It all begins
with consistent patching and stressing the importance of software program application updates –
that applies no longer pleasant for the cutting-edge anti-virus styles, but also for applications and
even the operating device itself. There are different macro-enabled MS Office files and train
users in no manner to click on on suspicious links.
Cyber-attacks can result in diverse demanding situations and may have a drastic impact
on the overall performance of an business enterprise. This is due to the fact a cyber-attack may
be conducted to attain beneficial information or to thieve identification. The WannaCry

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

ransomware attack that the respective corporation NHS faced become not without delay focused
at the corporation. WannaCry is one of the maximum well-known ransomware assaults that have
an effect on no longer best NHS, but also numerous different organizations. It posed numerous
demanding situations to the respective business enterprise including the enterprise could not
access the documents across its distinct centers (Yamin and et.al., 2021). This changed into a
massive venture because being one among the biggest healthcare corporations within the United
Kingdom and This became also due to the fact extra than 60 NHS trusts were suffering from the
ransomware attack. One of the opposite challenges changed into that many centers had been now
not able to get right of entry to the records of the sufferers and subsequently, this led to delays in
of surgical procedures as well as cancellations of sufferers’ appointments. There were a few
hospitals who had to divert their ambulances to different locations. In all, it can be stated that the
ransomware assault posed lots of demanding situations for NHS.
An rising tactic includes suspicious e-mails wherein “the CEO” or some other senior legit
unexpectedly orders cord transfers with an urgent and plausible again-tale. While it'd sound easy,
lamentably it often works. The organizations ought to be knowledgeable — specifically in
finance — that nobody will request a charge thru an unauthorized way. Moreover, ask IT to mark
outside e-mails with an unmistakable stamp. Human beings are although the weakest hyperlink
in any employer’s virtual protection tool. People make mistakes, overlook matters, or fall for
fraudulent practices. That’s in which cyber safety consciousness comes in.
From the above report, it can be stated that cybercrimes can affect the overall
performance of a firm. Ironically, the patch had to prevent WannaCry infections was in reality
available earlier than the assault started: Microsoft Security Bulletin MS17-010, released on
March 14, 2017, updated the Windows implementation of the SMB protocol to save you
contamination through EternalBlue (Yannakogeorgos, 2021). However, notwithstanding the fact
that Microsoft had flagged the patch as crucial, many systems were nonetheless unpatched as of
May of 2017 while WannaCry started out its rapid unfold. For the ones unpatched structures
which might be infected, there is little remedy beyond restoring files from a secure backup — so
allow that be a lesson that you should usually lower back up your documents. While the ones
tracking the bitcoin wallets recognized in the extortion message say that some humans are paying
the ransom, there's little proof that they are regaining access to their documents. After the initial

dirt settled, numerous protection researchers commenced working to try to parent out the origins
of WannaCry. Symantec had a provocative take: they believed that the code might have a North
Korean starting place. They laid out the proof in a weblog put up, in which they mentioned a
little-regarded fact: that WannaCry had actually been circulating for months before it exploded
across the net on May 12, 2017.
The bigger threat these days are from WannaCry variants, or extra particularly, new
malware based at the equal EternalBlue code as Wannacry. In May 2018, ESET released studies
that confirmed detections of EternalBlue-based totally malware spiking beyond their highest
stage in 2017. Immediately after WannaCry, detections of EternalBlue-based assaults dropped to
three hundred a day, however steadily rose once more until spiking in April (Yannakogeorgos,
2021). The Department and Cabinet Office wrote to trusts in 2014, saying it changed into critical
they'd “strong plans” emigrate faraway from old software, such as Windows XP with the aid of
April 2015. In March and April 2017, NHS Digital had issued vital indicators warning firms to
patch their structures to save you WannaCry. However, earlier than 12 May 2017, the
Department had no formal mechanism for assessing whether neighborhood NHS organisations
had complied with their advice and guidance and whether or not they have been organized for a
cyber assault.N 12 May, NHS England to start with diagnosed 45 NHS companies along with 37
trusts that have been infected with the aid of the WannaCry ransomware. In overall at least 81
out of 236 trusts across England were affected. A similarly 603 primary care and different NHS
organizations were inflamed through WannaCry, which include 595 GP practices. However, the
Department does no longer recognize what number of NHS organisations could not get
admission to information or acquire information, because they shared records or structures with
an inflamed agree with. NHS Digital told us that it believes no affected person statistics have
been compromised or stolen.

REFERENCES
Books & Journals
Aquilina, S.J. and et.al., 2021. EtherClue: Digital investigation of attacks on Ethereum smart
contracts. arXiv preprint arXiv:2104.05293.
Bendiab, G. and et.al., 2021. IoT Security Frameworks and Countermeasures. In Internet of
Things, Threats, Landscape, and Countermeasures (pp. 239-289). CRC Press.
Boyle, K., 2021. Cyber Hygiene Leadership in Organizations. In Cyber Security And Supply
Chain Management: Risks, Challenges, And Solutions (pp. 31-49).
Brett, M., 2021. An overview of current issues and practice relating to local government cyber
security in England and Wales. Cyber Security: A Peer-Reviewed Journal, 4(4), pp.330-
344.
Calderon, T. and Gao, L., 2021. Comparing the Cybersecurity Risk Disclosures of US and
Foreign Firms. Journal of Emerging Technologies in Accounting.
Djenna, A., Harous, S. and Saidouni, D.E., 2021. Internet of Things Meet Internet of Threats:
New Concern Cyber Security Issues of Critical Cyber Infrastructure. Applied Sciences,
11(10), p.4580.
Formosa, P., Wilson, M. and Richards, D., 2021. A principlist framework for cybersecurity
ethics. Computers & Security, 109, p.102382.
Jabbar, M.A., Prasad, K.M. and Aluvalu, R., 2021. Future challenges for cyber-security in a
smart city environment in Indian context.
Jimada, S. and et.al., 2021. Analysis of Ransomware, Methodologies Used by Attackers and
Mitigation Techniques. In Research in Intelligent and Computing in Engineering (pp.
379-387). Springer, Singapore.
Jofre, M., Navarro-Llobet, D. and et.al., 2021. Cybersecurity and Privacy Risk Assessment of
Point-of-Care Systems in Healthcare—A Use Case Approach. Applied Sciences, 11(15),
p.6699.
Kaur, G. and Lashkari, A.H., 2021. An Introduction to Security Operations. In Advances in
Cybersecurity Management (pp. 463-481). Springer, Cham.
Kolokotronis, N. and Shiaeles, S. eds., 2021. Cyber-Security Threats, Actors, and Dynamic
Mitigation.
Kouloufakos, T., 2021. The prohibition of the threat or use of force in cyberspace: novel legal
frontier or adaptation of old frameworks?. The Military Law and the Law of War Review,
59(1), pp.89-113.
Kristen, E. and et.al., 2021. Security Assessment of Agriculture IoT (AIoT) Applications.
Applied Sciences, 11(13), p.5841.
Maggio, L.A. and et.al., 2021. Cybersecurity challenges and the academic health center: an
interactive tabletop simulation for executives. Academic Medicine, 96(6), pp.850-853.
Masip-Bruin, X. and et.al., 2021. Provisioning Cybersecurity in ICT Complex Supply Chains:
An Overview, Key Issues and a Relevant Architecture.
McIntyre, D.L. and Frank, R., 2021. No Gambles with Information Security: The Victim
Psychology of a Ransomware Attack. Cybercrime in Context: The human factor in
victimization, offending, and policing, p.43.
Meng, X. and et.al., 2021. Semi-supervised anomaly detection in dynamic communication
networks. Information Sciences, 571, pp.527-542.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Miadzvetskaya, Y., 2021. Cyber sanctions: towards a European Union cyber intelligence
service?. College of Europe Policy Brief series (CEPOB).
Okereafor, K., 2021. Cybersecurity in the COVID-19 Pandemic. CRC Press.
Pâris, C., 2021. Guardian of the Galaxy? Assessing the European Union’s International
Actorness in Cyberspace. College of Europe Diplomacy Paper January 2021.
Ukwandu, E. and et.al., 2021. Cyber-Security Challenges in Aviation Industry: A Review of
Current and Future Trends. arXiv preprint arXiv:2107.04910.
Yadav, H. and et.al., 2021. Various Types of Cybercrime and Its Affected Area. In Emerging
Technologies in Data Mining and Information Security: Proceedings of IEMIS 2020,
Volume 3 (pp. 305-315). Springer Singapore.
Yamin, M.M. and et.al., 2021. Weaponized AI for cyber attacks. Journal of Information Security
and Applications, 57, p.102722.
Yannakogeorgos, P., 2021. Cyber Competition and Global Stability. In The Future of Global
Affairs (pp. 223-246). Palgrave Macmillan, Cham.
Online
The NHS cyber attack. 2021. [Online]. Available through:<
https://www.acronis.com/en-in/articles/nhs-cyber-attack/>.

Appendix
Questionnaire
Q1. Do you have any knowledge about cybercrimes and cyber-attacks?
a) Yes
b) No
Q2. What are the different cyber-attack challenges faced by NHS?
a) Decline in the number of admissions in the hospitals
b) Impact on a large number of computer networks
c) Financial losses
Q3. What are the systems to mitigate various attacks/ challenges?
a) Crimeware
b) Espionage
c) Fraud
d) All of the above
Q4. What are the controls available for different types of cyber-attacks?
a) Effective implementation of measures
b) Training of employees
c) Security of computer networks
Q5. Are you aware of the WannaCry ransomware attack on NHS?
a) Yes
b) No
Q6. In your opinion, what are the different types of cyber-crimes?
a) Identity theft
b) Ransomware attack
c) Phishing
d) Botnets
Q7. Has your organization implemented measures to eliminate or avoid cyber-crimes?
a) Yes
b) No
Q8. Any recommendations or suggestions

1 out of 28

Cyberattack Challenges in Organizational Landscape: A Case for NHS 2017 WannaCry Ransomware Attack

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Cyber Security Fraud, Scams, and Identity Theft

Identity Theft Using Social Engineering - Investigating Its Impact on Society and Students

Ransomware Attack and Cybersecurity

Cyber Security Fraud, Scam and Identity Theft

Preventive Measures Against Identity Crime and Consumer Scams

Ransomware & Malware

+13062052269

info@desklib.com