Positive correlation between unlicensed software and cyber security threats

The relationship between the use of unlicensed software and increased security threats is long established. The latest study commissioned by BSA, Software Alliance corroborates the strong positive correlation between unlicensed software and malware encounters. According to the analysis conducted by IDC, the correlation between unlicensed software and malware (r=0.79) is on par with that of a low carb diet and weight loss (r=0.79); and even higher than the correlation between smoking and lung cancer (r=0.72) and education and income (r=0.75).

These numbers are alarming, especially given how business critical security is for organizations today. According to a recent study, India’s capital Delhi is the most vulnerable to security risks and it has the maximum malware-infected computers and mobile phones.

In 2014, the BSA Global Software Survey reported that 60 percent of the software installed on PCs in India was unlicensed. Building on this, IDC’s latest analysis reveals that India has a 39 percent malware encounter rate against the 60 percent unlicensed software rate in the country. On the other hand, Brazil reported a 50 percent unlicensed software rate and had a malware infection rate of 31 percent, while the US, which had the lowest unlicensed software rate, at 18 percent, had an infection rate of 13 percent.

Clearly, higher the rate of unlicensed PC software in a country, the more malware is generally encountered on PCs in that country, and vice versa.

The use of software infected with malware can cause substantial productivity losses and pose grave security threats to critical business infrastructure. Organizations have a great deal to lose from cybersecurity breach incidents - customer information is put at risk and proprietary business information can be stolen by hackers. Additionally, the impact of a breach on a firm’s reputation can be disastrous for a business and its executives.

Today, mitigating risks associated with use of unlicensed software and security threats are high on the CIO’s and other C-suite executives’ agenda. A report by IDC estimates that enterprises will have spent $491 billion in 2014 as a result of malware associated with counterfeit and unlicensed software.

Even as security becomes more and more critical in enterprises, complex licensing models make it increasingly challenging for CIOs to keep a track of software assets within an organization. The rapidly evolving threat landscape, coupled with mounting pressure from software publishers, stricter accounting laws, government mandates and customers, companies recognize a greater need to demonstrate legal use of software.

Sound software compliance policies and implementing internal controls, such as ISO-aligned software asset management (SAM) practices is therefore critical to reduce exposure to cyber threats. It helps organizations understand what software they have on their networks, verify that it is genuine, and confirm that they are in compliance with their software license obligations.

Effective software management processes are vital for managing license-related costs, minimizing compliance-related risk and enhancing operating efficiencies. It also builds a platform for businesses to optimize their competitive advantage and overcome security risks. Implementation of a robust software asset management program assures CIOs that they are managing their software correctly and assuring the marketplace that they have a best-in-class governance program in place.