Unfortunately, with every opportunity comes a threat. For the digital era, it’s the increased risk of cyber-attacks. As all businesses become technology companies, their security needs evolve from passwords with a mixture of numbers, letters and symbols to something more sophisticated.
However, it’s not just about having the latest technology and products. While these are vital, developing the right culture and behaviour amongst employees and management is critical too. Yes, that means not having ‘1234’ as a password or knowing how to spot suspect email attachments; but it also means having the right attitude and approach to your technology assets in the first place.
A major cyber attack costs, on average, over $1 million in lost revenue as businesses scramble to repair the damage caused.
Protecting your business from cyber risks requires a structured approach to managing your software assets throughout their lifecycle. This means exerting tight control over software purchases, ensuring software can be accessed safely by your employees and customers, and maintaining and updating (patching) the software so it continues to be secure. Finally, all too often businesses neglect the vital step of decommissioning and uninstalling unused software.
Software Asset Management (SAM) is the discipline of managing software throughout its lifecycle. It’s a critical component of your cybersecurity defences, and there’s a host of reasons to see SAM as an integral part of your organisation’s cyber security strategy.
In fact, 54% of CIOs surveyed in the latest BSA Global Software Survey say managing cybersecurity risks is the number one reason to avoid unlicensed software, with legal issues being second.
So how can SAM help mitigate an organisation’s risk to cyber threats?
BSA’s 2018 Global Software Study found that organisations that obtain and install unlicensed software packages or buy a computer with unlicensed software preinstalled face a 29% chance of encountering malware.
Miss an update, open a door
Software publishers are constantly finding and fixing bugs in the software they sell. To stay safe, businesses must ensure these software ‘patches’ are downloaded and installed on their applications on a regular basis. Unlicensed software doesn’t receive these patches, and you can’t contact the software publisher for help if something goes wrong.
Within the last 10 years, both the Conficker worm and the Citadel botnet ‘infections’ were spread by people either downloading unlicensed software or using PCs which contained unlicensed versions of Microsoft Windows pre-infected with the malware.
As the chaos caused by the WannaCry worm demonstrated, making sure software is updated and patched can be the difference between disrupted operations and business as usual.
A key component of effective SAM is a deep understanding of your business requirements, and matching your software accordingly, including by removing unused or obsolete software. Keeping out-of-date software in your operations is a bit like locking the front door while the back door is wide open. If you don’t know you have it, how can you keep it updated and protected from the latest threats?
One reason businesses use unlicensed software is to avoid upfront costs – software can be expensive and it’s not surprising some businesses are tempted to avoid paying, particularly if they won’t use the software that often.
However, that upfront saving can quickly turn into long-term losses as the direct and indirect costs of a cyber-attack mount up. This is particularly true if the attack compromises personal data and the business in question has not taken steps to protect that data properly. Failure to adhere to the EU’s General Data Protection Regulation (GDPR) can lead to fines of up to €20 million or 4% of global annual turnover (whichever is higher). Those few hundred pounds (or euro or dollars or zloty) saved initially could be a drop in the ocean compared to the costs of a breach.
Your business can make a conscious effort not to use illegitimate software by implementing training, processes and policies to ensure that no one purposefully installs unlicensed products. It might sound time consuming, but these simple steps can help make it easy:
Have a software asset management role assigned to an employee who makes sure software is acquired, deployed, used and retired in a controlled manner
Have a written policy that employees can sign, to make them aware of their responsibilities for looking after IT equipment, software, and information assets, as well as their obligations when using IT services such as the internet, email or collaboration tools.
Only procure software from publisher-certified partners to ensure that the software you buy is legitimate and properly licensed
Carry out regular audits of your IT systems to ensure you have not over-installed software or cloud services or that your employees are not making use of unlicensed software
Make sure that your software is regularly updated, and obsolete or unused software is removed to stop hackers exploiting vulnerabilities
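The audit and clean-up steps above can be run as a reconciliation between what is installed and what is licensed. The following is an added example, not part of the original article: the titles, hosts, versions, dates and the 90-day "unused" threshold are all constructed assumptions, and a real inventory would come from your own discovery tooling.

```python
from collections import Counter
from datetime import date

# Constructed sample data (hypothetical titles, hosts and dates).
ENTITLEMENTS = {  # title -> (licensed seats, minimum patched version)
    "OfficeSuite": (2, (16, 4)),
    "PdfEditor": (1, (3, 0)),
}
INVENTORY = [  # (host, title, installed version, last used)
    ("pc-01", "OfficeSuite", (16, 4), date(2024, 5, 28)),
    ("pc-02", "OfficeSuite", (16, 1), date(2024, 5, 30)),
    ("pc-03", "OfficeSuite", (16, 4), date(2023, 11, 2)),
    ("pc-02", "PdfEditor", (3, 0), date(2024, 5, 1)),
    ("pc-03", "VideoRipper", (1, 9), date(2024, 4, 12)),
]

def audit(inventory, entitlements, today, unused_after_days=90):
    """Return findings as a dict of lists, one list per audit question."""
    findings = {"unlicensed": [], "over_installed": [], "unpatched": [], "unused": []}
    installs = Counter(title for _, title, _, _ in inventory)
    for host, title, version, last_used in inventory:
        if title not in entitlements:
            # No licence record at all: cannot be patched or supported.
            findings["unlicensed"].append((host, title))
            continue
        _, min_version = entitlements[title]
        if version < min_version:
            # Licensed but behind the minimum patched version.
            findings["unpatched"].append((host, title))
        if (today - last_used).days > unused_after_days:
            # Candidate for removal: installed but not used recently.
            findings["unused"].append((host, title))
    for title, (seats, _) in entitlements.items():
        if installs[title] > seats:
            # More installs than purchased seats.
            findings["over_installed"].append((title, installs[title], seats))
    return findings

def run_sample():
    # Fixed audit date so the constructed sample gives repeatable results.
    return audit(INVENTORY, ENTITLEMENTS, today=date(2024, 6, 1))

if __name__ == "__main__":
    for kind, items in run_sample().items():
        print(kind, items)
```

Each finding maps to one of the steps: unlicensed and over-installed entries go to the asset manager, unpatched entries to patching, and unused entries to decommissioning.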
You can find out more about software asset management in