Essay Example on This study will illustrate several aspects of economics of Information

This study will illustrate several aspects of economics of information security by analysing a specific cybersecurity breach and explain its significance for the broader cybersecurity economy It will also discuss the specific information security practices or lack thereof that lead to the breach the method through which the breach was exploited discussion of the economic costs of this breach for those that were directly affected by it and what measures could have been taken to mitigate the breach Finally the study will contextualise this case study in the broader cyber security economy by highlighting the significance of this case study for broader economic costs and practices associated with cyber security The cybersecurity breach that has been chosen to be analysed is the WannaCry cyber attack in 2017 and mainly focusing on the impact it had on healthcare NHS On Friday 12 May 2017 a ransomware attack was launched globally known as WannaCry which affected more than 200 000 computers in 150 countries In the UK one of the biggest victim of this attack was the NHS however it was not a targeted attack According to NHS England the ransomware affected at least 81 trusts across 

England either infected by the ransomware or turned off their devices and systems as a precautionary measure Additionally 603 primary care and 595 GP practices were also infected Hughes 2017 NHS England identified 6 912 appointments and an unknown number of operations were cancelled and some patients in certain location had to travel further to accident and emergency departments Sandle 2017 All the NHS trust were advised to not to pay ransom and The Department of Health NHS England and the National Crime Agency assured that no NHS organisation paid the ransom However The Department does not know how much the disruption to services cost the NHS costs include cancelled appointments additional IT support IT consultants data recovery damaged systems and staff working overtime On the evening of 12 May a cyber security researched activated built in kill switch to stop WannaCry from locking devices but did not stop infecting the devices Newman 2018 The US and UK government accused North Korea was responsible for WannaCry Mr Bossert who advises the president on homeland security said the US findings concurred with judgements from other governments and private companies and it was all based on evidence even though he did not produce any evidence in the article

The WannaCry ransomware operates by encrypting data on a computer that has been infected The ransomware then informs the user that their files have been locked and provides information on how much is to be paid and when payment is taken in Bitcoin for anonymity The cost of decrypting all the files in the computer was between 300 and 600 Security Response Team 2017 Malwarebytes s threat intelligence team suggests that EternalBlue is the original culprit of the ransomware spread The leaked EternalBlue software from NSA exploits vulnerabilities in public facing servers The vulnerability works by injecting code into vulnerable systems to search for backdoor malware Double Pulsar that has already been running undetected to gain access to the system Simon Lewis 2018 The reason the NHS suffered big damage was mainly because 42 NHS trusts used an outdated operating system Windows XP Support for Windows XP ended in 2014 and the custom support for government organisations ended in May 2015 NHS was advised by the government to migrate away from Windows XP by April 2015 Since this deadline was ignored any NHS organisation using the outdated operating system vulnerable to attack Ford 2017 The NHS could have avoided WannaCry attack by following basic security recommendations 

All NHS organisations infected by WannaCry had unpatched or unsupported operating systems and were susceptible to the ransomware NHS could have protected themselves by patching vulnerabilities with latest updates managing firewalls facing the Internet and running supported operating systems to ensure security Comptroller and Auditor General 2017 This security breach had a big negative impact on NHS as they lost money productivity and reputation A member of parliament revealed the emergency measures put in place over WannaCry cut into the agencies internal budgets and has cost NHS Digital and NHS England 180 000 Stevens 2017 NHS trusts did not reveal the direct financial implications of the cyber attack but a source at one of the trusts has indicated it will exceed 1 million Khalil 2018 A cyber risk modelling firm Cyence estimated the potential costs from the hack at 4 billion globally This also includes loss of productivity cost of restoration of data and cost of investigation Berr 2017 The attack also infected the patients as infected NHS organisations could not access important electronic information including patient records 

The review by NHS England identified at least 139 patients who had an urgent referral for potential cancer cancelled NHS organisations did not report any cases of harm to patients or of data being stolen or compromised but the availability of the data was affected by this attack The analysis of the WannaCry ransomware suggested the attack was not aimed at accessing or stealing data of patients although it is unclear if this is the case Comptroller and Auditor General 2017 If GDPR was in effect during the time of this attack NHS could have had to pay a fine of at least 20 million or 4 of annual turnover whichever is greater Under the regulation organisations must adopt appropriate policies processes and procedures to protect the personal data they hold and ensure compliance Even though the main purpose of the ransomware was not to steal any data we cannot confirm that no data was stolen so NHS would mostly like would