Global cyber hack – A growing concern for Information Security

You are likely to have seen or read the widely reported news that a significant wave of ransomware has affected a large number of global health bodies and their access to data held on computer systems.

Ransomware is an increasingly prevalent threat, with a rising number of variants designed to target corporate networks. In spite of this, there are many pragmatic steps which organisations can take to reduce the likelihood of incidents, limit their impact when one does occur, and recover swiftly and effectively. These span several aspects of IT operations and security, and primarily relate to:

  • Robust business continuity planning and exercising, and the ability to restore rapidly from backups;
  • Crisis and incident response planning and exercising to ensure incidents are managed to resolution swiftly;
  • Strong security hygiene policies and user awareness to prevent ransomware entering your IT environment through both technical controls and vigilant employees; and,
  • Rigorous patch and vulnerability management ensuring you make effective use of work already done to address vulnerabilities.

Effective implementation of an Information Security Management System aligned to ISO 27001 should help your organisation to better manage your information security risks, and determine the controls that are necessary to maintain the confidentiality, integrity and availability of your information. 

The Standard provides guidance on business continuity within information security (clause A.17), the incident management process (clause A.16), policies for information security (clause A.5) and the requirements for personnel within the information security management system (clause A.7), and the management of technical vulnerabilities (clause A.12).

Whilst successful implementation of an Information Security Management System should certainly help an organisation to better manage its information security risks, it is important to note that it may not prevent all potential breaches and losses from occurring; it does, however, provide a framework for the selection of appropriate controls aimed at enhancing the confidentiality, integrity, and availability of information within an organisation.

PwC never recommends paying a ransomware ransom, unless there are extreme circumstances that you believe warrant payment. Doing so fuels the ransomware economy, funding development of additional ransomware techniques and campaigns.

PwC has released a report containing more technical details and recommendations about this ransomware. To request a copy, please email .

