The Federation Against Software Theft (FAST) has welcomed the inquiry by the UK Government’s Culture, Media and Sport Committee into cyber security. The committee has decided on the inquiry into the recent TalkTalk data breach and the wider implications for telecoms and internet service providers.
Julian Heathcote-Hobbins, General Counsel, FAST, said: “We welcome this inquiry and have taken the opportunity to respond by written submission. Considering the widespread use of cloud computing, it is imperative that trust and confidence is maintained to protect personal data online. Business and consumers of software must realise risks in illicit copies, be pro-active and take responsibility in buying software and services from legitimate and trusted sources in order to work towards being safe. In other words, being sure of provenance.”
In its submission FAST highlighted to the Committee the risks of buying non-genuine software or services:
Not receiving all the updates/patches a user is entitled to which can reduce security.
Malware (viruses) included in illegal copies of software may pose an unknown security risk causing data leakage and demand of a ransom.
Identity theft risks – illegal copies expose users to potential risks of identity theft if criminals obtain a buyer’s name, address, credit card and other information from a purchase.
Data may be in the hands of untrustworthy (and maybe unknown) operators of a pirate cloud and therefore at risk from it being trafficked or used for other unscrupulous purposes including facilitating internet enabled crime.
FAST went on to add: “UK Government is and has been instrumental in leading the way in providing businesses, small and large, with clarity on good basic cyber security practice. As with the Cyber Essentials scheme the industry remains keen to assist with practical help.”
Andrew Sheldon, CTO of forensic consultancy firm Evidence Talks, added that ensuring incident response plans include adequate forensic protocols should be high on every corporates to do list. “If your forensic response strategy is to call the experts, it’s not good enough!’ In my experience, by the time a client calls us in, their internal response strategy has usually damaged or contaminated the data we need. This extends investigation times and costs while potentially exposing data to further risk of compromise. I hope this new government inquiry will raise awareness of this potential gap in response strategy.”
