Last week’s cyber attack on systems across the world, including many NHS trusts in England and 13 Scottish NHS boards, caused panic and confusion for many patients.
Malicious software (Malware) attacks are becoming an increasing threat for the NHS, which has been repeatedly warned about its being at risk from a cyber security breach. The chances of a breach are greatly heightened by out of date security software and poor security measures, such as opening suspicious emails.
According to reports, many of the systems attacked had Windows XP installed, a slightly dated version of the popular operating system used on almost all non-Apple laptops and desktop computers.
The university also runs Windows, but is of the more recent versions, such as Windows 10.
Following the attack, the university released advice on how to prevent a cyber attack for staff and students, and sought to comfort users that it has a “powerful firewall” in place and updates are carried out regularly.
The current decade sees software companies in an “arms race” with hackers, trying to predict and react to the attacks posed. Craig Docherty, a computing science PhD researcher at Stirling, said attacks can be stopped before they prove fatal to the systems.
He said: “Attacks like WannaCry…generally come in two stages: there’s an initial probing and preparing the attack, then there’s the attack itself. Stopping the first stage is essential in mitigating the chances of a successful attack – as well as maximising personal safety.
“The university advice points out two useful tips for this: “Do not click on links from unknown sources”, and “Do not give your password to anyone ever – either by email or by telephone.”
However, other attacks come in one stage, known as Distributed Denial of Service (DDoS) attacks, and can be much harder to prevent. Anyone could be at risk of such an attack, Docherty said.
All institutions run an intranet system, where all the computers are connected to the same server. This makes them more susceptible to being contaminated by other computers with a virus, unlike an individual’s computer.
Docherty added: “As far as the institution itself goes, there may be those wishing to target servers or machines running on the network for various reasons. This holds true for all universities, and institutions in general.
“If the university were to be the target of a DDoS attack, then there isn’t much that can be done by anyone to prevent it. More invasive attacks, such as the WannaCry ransomware, can be much more readily prevented.
“The university does a good job at promoting cyber security, engaging with students to inform them of the risks and how to mitigate them, and keeping the digital estate secure. However, everything relies on people at the end of the day. So whilst we might have the best defences possible, if someone open a suspicious email attachment, or gives out some login information, then it drastically reduces their potential effectiveness.”
The university has asked anyone who uses Windows XP to contact the Information Centre, and to cease using their computer immediately if possible.