Business managers striving to protect their organizations from cyberattacks should keep an eye on software piracy.
A 2015 IDC analysis of Business Software Alliance (BSA) survey data found that malware incidents rose alongside unlicensed software use: In the United States, the rate of quarterly malware encounters in 2013 trailed the rate of unlicensed software use 13 percent to 18 percent, respectively.
Jodie Kelley, BSA’s senior vice president and general counsel, says the connection between malware and piracy is only natural.
“When you have people putting nongenuine software on the market to download for free or at an incredibly reduced price, it is not surprising that these bad actors could be embedding malware in it,” she says.
But counterfeit applications aren’t the only danger to organizations. “Even if the software is genuine but not licensed, then you might not be getting the security patches, so that is another avenue for malware to get into a system,” Kelley says.
Although these risks make software management essential for businesses of every size, Amy Konary, a research vice president at IDC, says having a high volume of software applications can make the task particularly “daunting” for larger organizations.
She recommends that IT leaders proactively address the problem by combining employee education with software asset management (SAM) tools and best practices.
For organizations looking to get started with SAM, Kelley says the first step is to look inward.
“You must understand what is on your own systems to make sure you are not inadvertently on the path to an infection or an attack,” she says.
From there, it’s important for business leaders to think about what the organization needs and whether those needs are being met. Kelley says that during this part of the process, organizations should explore alternate ways of purchasing software, such as through cloud-based service providers.
The next step in the process is to establish software policies and procedures that will keep piracy in check. BSA survey data shows only 40 percent of CIOs currently impose policies designed to prevent employees from installing software on their own. For Kelley, that means the majority of businesses aren’t controlling software acquisition as tightly as they could be.
After establishing adequate software policies, IT leaders should integrate SAM throughout the business, the BSA report states; educating employees about the impact of their actions and the risks of unlicensed software represents a large portion of this work.
According to Patricia Adams, an IT asset management expert with LANDESK, SAM solutions are the other half of the equation.
Automated discovery tools gather data on the way an organization deploys and uses applications, creating a detailed inventory that helps IT leaders reduce instances of noncompliance.
Adams says that extra assurance shouldn’t go unappreciated at a time when the threat of software audits looms large.
“Having the right tools in place not only keeps companies in control of their assets for better management, but also they can quickly prepare for an audit when the notification arrives,” she says.