Kennedys responds to a call for views on software resilience for businesses and organisations

The ever-increasing use of digital technologies means that software resilience is crucial in preventing incidents such as the 2020 SolarWinds attack or the discovery of the Log4j vulnerability. While businesses and organisations have made significant progress in addressing cyber risks, these risks continue to be a threat to the wider UK economy and the rest of the world.

Karim Derrick
In an increasingly virtual world, software underpins everything we do. Resilience in respect of software should be a priority for everybody, especially for businesses like Kennedys IQ that are building data-driven products and machine intelligence. We all depend on resilience in order to ensure safe growth, both locally and globally.

On 6 February 2023, the Department for Digital, Culture, Media & Sport[i] launched a call for views on software resilience for businesses and organisations.

Kennedys’ cyber and data experts worked alongside our technology arm, Kennedys IQ, to respond to the questions raised in the Government’s survey.

The key points in our response to the call for views included the following:

  • Intentional compromises of software code, inadequate incident response and poor supplier management can lead to possible client liabilities, regulator fines or customer attrition, and can therefore have a significant impact on the economy.
  • The increasing use of large language models (such as ChatGPT) that can generate long lines of code will inevitably lead to errors and, without sufficient checks, could exacerbate the issue of accidental vulnerabilities in software code.
  • Some vulnerabilities in software code are designed to look accidental, which is why developers should always aim to check the rest of the code to find the potential root cause.
  • Software is rarely developed or used in one single jurisdiction and, as such, it is necessary to bring in an international perspective. In addition to an appropriate international standard for software development and adoption, the Government should consider approaching other countries to produce international guidance on incident management.
  • We believe that it is necessary for the Government to prioritise cybersecurity awareness and literacy among the wider society. Software users should be encouraged to implement measures that will keep their data secure.
  • Finally, any suggested measures will only be effective if they are affordable for businesses and developed with industry experts.

Eleanor Stewart, Senior Data Risk Manager, commented:

Cyber is the greatest threat facing organisations in today’s world. It can only be countered by coordinated efforts across sectors and groups that previously have not collaborated. It is heartening to see the Government beginning to draw those different entities together to develop a multifaceted toolkit for countering and mitigating that threat.

Next steps

The Government will analyse the call for views, take into consideration available resources, and decide which measures should be prioritised. We are expecting a formal response outlining the next steps to be published in the summer of 2023.

[i] This now sits under the remit of the recently created Department for Science, Innovation & Technology.