FAST welcomes Government inquiry into cyber security
26th November, 2015
By focusing on basic software IP cyber hygiene, organisations and consumers be better protected from the most common cyber threats
The Federation Against Software Theft (FAST) has welcomed the inquiry being held by the UK Government’s Culture, Media and Sport Committee into cyber security. The Committee, chaired by Conservative MP, Jesse Norman, has launched the inquiry following the recent online data breach at TalkTalk and its scope covers the protection of personal data online.
Julian Heathcote-Hobbins, General Counsel, FAST, stated: “We welcome this inquiry and have taken the opportunity to respond by written submission. Considering the widespread use of cloud computing, it is imperative that trust and confidence is maintained to protect personal data online. Business and consumers of software must realise risks in illicit copies, be pro-active and take responsibility in buying software and services from legitimate and trusted sources in order to work towards being safe. In other words, being sure of provenance.”
In its submission FAST highlighted to the Committee the risks of buying non-genuine software or services:
- Not receiving all the updates/patches a user is entitled to which can reduce security.
- Malware (viruses) included in illegal copies of software may pose an unknown security risk causing data leakage and demand of a ransom.
- Identity theft risks – illegal copies expose users to potential risks of identity theft if criminals obtain a buyer's name, address, credit card and other information from a purchase.
- Data may be in the hands of untrustworthy (and maybe unknown) operators of a pirate cloud and therefore at risk from it being trafficked or used for other unscrupulous purposes including facilitating internet enabled crime.
In its submission FAST went on to add: “UK Government is and has been instrumental in leading the way in providing businesses, small and large, with clarity on good basic cyber security practice. As with the Cyber Essentials scheme the industry remains keen to assist with practical help.”
Andrew Sheldon, CTO of forensic consultancy firm Evidence Talks, added that ensuring incident response plans include adequate forensic protocols should be high on every corporates to do list.
“If your forensic response strategy is to call the experts, it’s not good enough!’ In my experience, by the time a client calls us in, their internal response strategy has usually damaged or contaminated the data we need. This extends investigation times and costs while potentially exposing data to further risk of compromise. I hope this new government inquiry will raise awareness of this potential gap in response strategy.”
The deadline for submissions for evidence was November 23rd and the Committee is expected to hear evidence later in the month.