A senior member of the security team for the NHS Covid-19 app recently shared how having a defence process in place had averted a cyber crisis for the app and meant a QR code login bug could be fixed quickly.
It was discovered that users of the Covid app were able to check in to a venue using a QR code poster that was not generated by the NHS service.
In his blog for the National Cyber Security Centre, Stuart H shares how having a Vulnerability Disclosure Programme had enabled developers to quickly create a patch to fix this problem, which you can read about here: https://www.ncsc.gov.uk/blog-post/bugs-happen-be-ready-to-fix-them
Though most small businesses will not have in-house developers like the Covid-19 app team, this story highlights the importance of having a back-up plan in place. Would you know exactly what to do if you or one of your customers discovered a bug in your app or website?
The NCSC has a Vulnerability Disclosure Toolkit to help organisations prepare their plan of action. This is suitable for businesses of all sizes to increase their resilience against as potential future attack: https://www.ncsc.gov.uk/information/vulnerability-disclosure-toolkit.
As a member of the NEBRC, you will have contact with local cyber security officers who can help you strengthen your processes. Learn about joining us here: https://www.nebrcentre.co.uk/membership