Expert Comments

Microsoft Excel spreadsheet error leads to major COVID UK stats mishap – cybersecurity experts have their say

Expert(s): Security Experts
Expert(s): Security Experts

Almost 16,000 cases of coronavirus in the UK went unreported because of a glitch caused by an Excel spreadsheet, it has been reported. Public Health England (PHE) said 15,841 daily COVID-19 cases between 25 September and 2 October had been left out of UK totals. The error has caused delays in tracking the contacts of people who tested positive. On Monday, the Press Association (PA) news agency reported that the problem was caused by a Microsoft Excel spreadsheet reaching its maximum file size.

Commenting on the news are the following cybersecurity experts:

Experts Comments

Dot Your Expert Comments
David Kennefick
October 05, 2020
Solutions Architect
Edgescan

Track and trace is very new for most countries.
In an ideal world, Excel would not be used to correlate the track and trace information. While Excel would be an excellent tool for this, it is missing some vital components that would make this viable in the long term. The main benefit of track and trace technology is rapidly being able to notify somebody of any potential exposures. I would speculate that PHE is looking to move to a more suitable technology that can provide more granular permissions for users who are creating, reading,.....Read More
In an ideal world, Excel would not be used to correlate the track and trace information. While Excel would be an excellent tool for this, it is missing some vital components that would make this viable in the long term. The main benefit of track and trace technology is rapidly being able to notify somebody of any potential exposures. I would speculate that PHE is looking to move to a more suitable technology that can provide more granular permissions for users who are creating, reading, updating, and deleting information on the current system. Excel may be used to refine the process for implementation into another more suitable technology. The main concerns are, who has access to the data, do they need access, is their access audited, and do they have access to only the data that pertains to them being able to perform their tasks in a timely manner. Track and trace is very new for most countries, there will be a bedding-in period where these questions must be answered.  Read Less
Javvad Malik
October 05, 2020
Security Awareness Advocate
KnowBe4

The best approach would be to select the appropriate technologies for the job.
Don't be fooled by the slight improvement in weather... in a minute we'll find those extra raindrops were misplaced in an excel file in the cloud and come thundering down on us... I make no apologies for mixing metaphors! If indeed the Government was using Excel to track COVID cases, it is a wholly inappropriate use of the tool. Excel is a very good spreadsheet, but it has its limitations and in no way ever intended to be used as a database. Procedures around using end user-developed.....Read More
Don't be fooled by the slight improvement in weather... in a minute we'll find those extra raindrops were misplaced in an excel file in the cloud and come thundering down on us... I make no apologies for mixing metaphors! If indeed the Government was using Excel to track COVID cases, it is a wholly inappropriate use of the tool. Excel is a very good spreadsheet, but it has its limitations and in no way ever intended to be used as a database. Procedures around using end user-developed applications are well-understood and mature within the industry. Sarbanes Oxley (SOX) incorporates End User Computing Controls as a key accountability. That is, where end user-developed applications, like using Excel to perform a critical function should have confidentiality, integrity, availability, and recoverability built-in. However, the best approach would be to select the appropriate technologies for the job. There are well-developed databases and technologies, both on-prem and in the cloud that would be far more secure and appropriate to use. For such projects, a culture of security needs to be cultivated from the beginning so that the right security decisions are made and enforced throughout the development and running of a platform.  Read Less
Paul (PJ) Norris
October 05, 2020
Senior Systems Engineer
Tripwire

Additional problems around spreadsheets are around resiliency and potential data loss.
Excel is an excellent tool to report and filter data. It’s not unheard of that organisations today use common tools to process data using desktop tools, however, it’s evident that there is a limit to how much data these tools can handle before it becomes unresponsive and potentially produce reports that may have missing data. Desktop tools such as Excel should not be used for large datasets, and investment should be made into technology that can securely process large datasets to ensure.....Read More
Excel is an excellent tool to report and filter data. It’s not unheard of that organisations today use common tools to process data using desktop tools, however, it’s evident that there is a limit to how much data these tools can handle before it becomes unresponsive and potentially produce reports that may have missing data. Desktop tools such as Excel should not be used for large datasets, and investment should be made into technology that can securely process large datasets to ensure data integrity and accurate results. Additional problems around spreadsheets are around resiliency and potential data loss, with limited controls on what can be deleted and restored if lost. Backups of this data are harder to manage if in constant use, and security controls need to be adopted to ensure access to the spreadsheet data is not readily available to anyone.  Read Less
Martin Jartelius
October 05, 2020
CSO
Outpost24

To see that it’s still in use and has hit the limits of its capacity is more than embarrassing.
How storing information on medical information in excel files which are then circulated to a wide audience can be seen as anything apart from the outmost temporary solutions is surprising given the rather strict opinions on data privacy voiced within the European Union over the last few years. It is not strange if this was the solution day one, week one, month one, but to see that it’s still in use and has hit the limits of its capacity is more than embarrassing. And to see that the solution.....Read More
How storing information on medical information in excel files which are then circulated to a wide audience can be seen as anything apart from the outmost temporary solutions is surprising given the rather strict opinions on data privacy voiced within the European Union over the last few years. It is not strange if this was the solution day one, week one, month one, but to see that it’s still in use and has hit the limits of its capacity is more than embarrassing. And to see that the solution has been to “split the file in batches” rather than finding a proper solution to an actual problem even more so.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...