We’ve been in Teams meetings together with customers for many years, but do you get the chance to really meet the people? This section of our newsletter aims to shine a light on the people behind the service, and Joe Cozzi drew the short straw of being interviewed this month.
Tell us a bit about yourself?
I’m based in Bracknell in Berkshire (not as bad as everyone makes out), married to Danielle for 5 years, and have two daughters Mia (6) and Lilly (1) – you’ll see them all in the pictures. With Xmas around the corner, I’m more likely to be found hiding Barbie’s Dream House (it’s huge!) than out with the lads playing Sunday football. I used to play a lot and at a good level when I was much younger, but age and injuries made the dream of playing for Arsenal fade away, compared to spending time in the safer environment of the gym. In my rare moments of downtime, you’ll find me playing role-based games – Indiana Jones is the current favourite – it helps feed my love of puzzles and problem solving.
What’s your role at BlueFort and what does it involve?
I’m a technical consultant with a wide understanding of our solutions but more in-depth with some of our technologies such as F5 and Silverfort. This means I could be supporting customers in matching the right solution to their needs, setting up evaluations, scoping and installing the right solution, and then supporting the customer’s technical teams.
What do you love about your job?
I love meeting customers, uncovering their challenges, and trying to solve the puzzles. It’s very rewarding to help identify things that could be fixed or improved, and then being there to see that make a difference. My favourite part of the role is pre-sales as it’s all about problem solving.
How did you get started?
I joined BlueFort in the commercial team and was originally an account manager. During Covid I found myself drawn towards finding out more about technology and so started with a lot of self-learning about cyber security, networks, and the solutions we deployed. The more I delved, the more interested I became, and it was clear that my skills were more closely aligned to the technical team than sales. Fortunately for me, the sales manager allowed me to apply for a technical role and I haven’t looked back.
What is your favourite technology right now?
We’ve got such a variety of solutions it can be hard to pick but if pressed I love the simplicity of Silverfort. I find it really straightforward and among other things, it fixes an often-ignored security gap with service accounts – they probably need multifactor authentication as much as remote users but it’s not easy without a specialist tool.
If you could have a super-power, then what would it be?
If you’ve seen the size of Barbie’s Dream House, you’d know that a cloaking mechanism would come in handy! Otherwise, unlimited strength so that I stop getting injured playing centre back.
Working with dozens of individual trusts across the country puts BlueFort at the coalface of cyberattacks on our NHS. The ransomware attack on Synnovis earlier this year, served as a stark reminder of the cybersecurity challenges faced by the NHS and its broader supply chain. This incident, which disrupted pathology services across South East London, underscores the vulnerabilities in third-party systems, and their potential impact on patient care. With rising cyber threats targeting healthcare organisations globally, NHS trusts must adopt proactive strategies to enhance their defences. Our CTO, Josh Neame, has identified four actionable approaches to mitigate these risks and safeguard essential services.
1. Fortify Critical Systems and Networks
The Synnovis attack highlighted how interconnected systems can be exploited to disrupt critical services. NHS trusts should prioritize endpoint security by deploying tools that detect and respond to threats in real-time, minimizing the window of exposure. Advanced measures, such as behavioural analysis and automated responses, can help contain threats before they escalate.
Additionally, network segmentation is vital for isolating critical operations like pathology services. This approach ensures that even if one segment is compromised, the attacker cannot access the entire network. Trusts must also address vulnerabilities in legacy systems, which are common in healthcare, by applying patches or using virtual protections where updates are unavailable.
2. Enhance Backup and Recovery Measures
One of the most effective defences against ransomware is robust backup and recovery planning. Regularly backing up critical data to secure, offsite locations ensures resilience, even in the face of a successful attack. To further strengthen recovery capabilities, trusts should conduct disaster recovery drills to verify that backups can be restored quickly and effectively, minimizing downtime for essential services.
3. Strengthen Third-Party and Staff Security
The reliance on third-party vendors, as seen with Synnovis, creates additional vulnerabilities. NHS trusts must perform rigorous security audits of partners, ensuring they comply with standards like ISO 27001 and implement robust access control and multifactor authentication. This reduces the risk of supply chain attacks that can cascade into NHS systems.
Internally, employee awareness is critical. Cybersecurity training programs should focus on recognizing phishing attempts, handling sensitive data securely, and understanding the protocols for reporting suspicious activities. Since human error remains a leading cause of breaches, empowering staff with knowledge is one of the most cost-effective preventive measures.
4. Proactive Threat Detection and Incident Response
Detecting and mitigating threats before they cause damage is essential in today’s rapidly evolving cyber landscape. Trusts should invest in tools that use AI and machine learning to identify unusual network activity, leveraging insights from global threat intelligence feeds to stay ahead of attackers.
An effective incident response plan is equally important. Predefined roles, clear escalation paths and regular testing, ensure that NHS teams can respond swiftly and efficiently to any cyber incidents, minimizing disruption to patient care.
Conclusion
The Synnovis ransomware attack served as a wake-up call, emphasising the need for robust cybersecurity measures across the NHS. By implementing these strategies, fortifying systems, enhancing backups, securing third-party interactions and adopting proactive detection measures, NHS trusts can reduce their vulnerability to attacks and ensure the continuity of critical services.
To learn more about how to take rapid steps to shore up your cybersecurity in the interim, whilst we await further NHS guidance, please reach out to BlueFort at info@bluefort.com.
