Major concern: 'Companies and governments too dependent on their software developer'

In the Cracked by Jordens series, we dive into the cyber security of consumers and businesses in the Netherlands. Today we discuss how to spread risk in the event of a software failure.

Published on September 20, 2024

Our DATA+ expert, Elcke Vels, explores AI, cyber security, and Dutch innovation. Her "What if..." column imagines bold scenarios beyond the norm.

Recently, the Netherlands was “shut down.” Several government agencies suffered from a malfunction in a Defense Department network. This led to problems at emergency services, the Coast Guard, the Royal Netherlands Marechaussee, DigiD, the Municipal Health Service, and Eindhoven Airport, among others. Can companies and governments avoid being completely screwed by such errors? And have we become too dependent on software, and software developers? In this column, we put these and other questions to expert Patrick Jordens. He is the director of Trusted Third Party (TT3P): a Dutch company specializing in cybersecurity.

Have we as a society become too dependent on software developers?

“Definitely. And this problem is visible not only in governments but also in many enterprises, large and small. After all, IT is not the core business of many enterprises. Often weak agreements are made, and the consequences only become clear when something goes wrong. When an enterprise is hacked, people call the IT vendor. 'How could this have happened? You manage my IT, right?' Then the supplier often says, 'Yes, but if you get hacked, there's nothing I can do about it; that's in our contract.' So entrepreneurs need to make clearer agreements, lay them down in a contract, and above all know that they cannot outsource responsibility.”

As a company, how can you spread the risk so that the entire system doesn't go down in the event of a configuration error or cyberattack?

“This risk is always there, but you can significantly reduce it. Network segmentation, for example, helps with that. This involves creating multiple environments within one network. If a hacker gains access to one part of the network, he does not automatically have access to other parts.

It is also important to think carefully about a backup strategy. Not every backup is the same; you can make them daily, weekly, monthly, or even hourly. And because they sometimes fail, it is crucial to always check that they were completed successfully. You should also test the restore of a backup, to make sure everything is working properly when it's really needed. This is called a restore test.

It can also be advantageous to work with more than one software vendor, especially when dealing with vital structures within a company. While most software developers will not abuse their position of power, it is never nice to be in a vulnerable position when something goes wrong. After all, developers will not feel the same urgency to solve the problem as entrepreneurs do.”

And consumers? What can they do to secure their data?

“Again, decentralization of data. As an individual, you store a lot more data today than you did a decade ago: photos, music files, and digital documents from the government. So it is essential to think carefully about how you archive your data.

Personally, I make sure I have a backup of my critical data, such as digitized photos. At home, I have a hard drive, but I also copy my data to a remote location; someone I know. In addition, I use a cloud solution. I definitely don't want to lose my data. And I think a lot of people feel the same way about that.”