By focusing on basic software IP cyber hygiene, organisations and consumers can be better protected from the most common cyber threats
The Federation Against Software Theft (FAST) has welcomed the inquiry being held by the UK Government’s Culture, Media and Sport Committee into cyber security. The Committee, chaired by Conservative MP, Jesse Norman, has launched the inquiry following the recent online data breach at TalkTalk and its scope covers the protection of personal data online.
Julian Heathcote-Hobbins, General Counsel, FAST, stated: “We welcome this inquiry and have taken the opportunity to respond by written submission. Considering the widespread use of cloud computing, it is imperative that trust and confidence is maintained to protect personal data online. Business and consumers of software must realise risks in illicit copies, be pro-active and take responsibility in buying software and services from legitimate and trusted sources in order to work towards being safe. In other words, being sure of provenance.”
In its submission FAST highlighted to the Committee the risks of buying non-genuine software or services:
- Not receiving all the updates/patches a user is entitled to, which can reduce security.
- Malware (viruses) included in illegal copies of software may pose an unknown security risk, causing data leakage and ransom demands.
- Identity theft risks – illegal copies expose users to potential risks of identity theft if criminals obtain a buyer’s name, address, credit card and other information from a purchase.
- Data may be in the hands of untrustworthy (and maybe unknown) operators of a pirate cloud and therefore at risk from it being trafficked or used for other unscrupulous purposes including facilitating internet enabled crime.
In its submission FAST went on to add: “UK Government is and has been instrumental in leading the way in providing businesses, small and large, with clarity on good basic cyber security practice. As with the Cyber Essentials scheme the industry remains keen to assist with practical help.”
Andrew Sheldon, CTO of forensic consultancy firm Evidence Talks, added that ensuring incident response plans include adequate forensic protocols should be high on every corporate's to-do list.
“If your forensic response strategy is to call the experts, it’s not good enough! In my experience, by the time a client calls us in, their internal response strategy has usually damaged or contaminated the data we need. This extends investigation times and costs while potentially exposing data to further risk of compromise. I hope this new government inquiry will raise awareness of this potential gap in response strategy.”
The deadline for submissions for evidence was November 23rd and the Committee is expected to hear evidence later in the month.
About The Inquiry
The Culture, Media and Sport Committee has decided to hold an inquiry into the circumstances surrounding the TalkTalk data breach and the wider implications for telecoms and internet service providers. In particular, the Committee is interested to receive views in response to the following areas:
- The nature of the cyber-attacks on TalkTalk’s website and TalkTalk’s response to the latest incident
- The robustness of measures that telecoms and internet service providers are putting in place to maintain the security of their customers’ personal data and the level of investment being made to ensure their systems remain secure and anticipate future threats
- The nature, role and importance of encryption in protecting personal data
- The adequacy of the supervisory, regulatory and enforcement regimes currently in place to ensure companies are responding sufficiently to cyber-crime
- The adequacy of the redress mechanisms and compensatory measures for consumers when security breaches occur and individuals’ personal data are compromised
- Likely future trends in hacking, technology and security
About FAST
The Federation Against Software Theft was formed in 1984. FAST is a not-for-profit organisation limited by guarantee and wholly owned by its members. It aims to reduce, restrict and/or lessen the incidence of unauthorised dealings in computer software. It works on many fronts to promote software compliance and protect its members’ rights through awareness, enforcement, lobbying and promoting standards and best practice in business.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.