The risk of cyberattacks is a growing concern for UK businesses. The recent Cyber Security Breaches Survey commissioned by the UK Government's Department for Culture, Media & Sport found that 90% of large businesses in the UK consider cybersecurity a "high priority". The study also revealed that 65% of major British companies have experienced at least one cyber security breach or attack in the past year. A quarter of these firms experience such incidents on at least a monthly basis.
While traditional security measures such as firewalls, access logs, zoned areas and good security architecture all contribute to good cyber security practice, there may be another, often overlooked, danger lurking within your network: unlicensed software.
Seizing Opportunity Through License Compliance, the Global Software Survey from BSA | The Software Alliance and IDC, shows that many CIOs simply don't know how much software employees are installing on company networks. CIOs estimate that as many as 15% of their employees have done so. However, the truth is much more troubling, as almost double that number of employees say that they are loading software onto company networks without permission.
BSA's study with IDC also found a strong correlation between unlicensed software and malware, which is the equivalent of giving criminals a set of keys to your company network.
This is a mistake companies can't afford to make. Cyberattacks cost businesses more than $400 billion in 2015. In addition to the potentially devastating financial impact and loss of customer data, enterprises can suffer damage to their reputation and declining customer confidence. Even just one successful cyberattack "can do serious harm to a company's reputation and credibility," notes the 2016 Symantec Internet Security Threat Report.
The rate of unlicensed software use in the UK for 2015 was 22 percent, a two percentage point drop since the last survey in 2013. While such a drop is encouraging, it is still too high when you consider the link with cyberattacks.
At a global level, although trends have improved marginally, 39 percent of software installed on computers globally last year was not properly licensed. This represents only a modest decrease from 43 percent in BSA's previous study in 2013.
In short, unlicensed software remains a major issue.
The good news is that companies can mitigate the cybersecurity risks associated with unlicensed software by purchasing it from legitimate sources, and establishing a stringent software asset management (SAM) program.
SAM programs are essential for companies to properly manage their software and ensure ongoing compliance. Organisations that effectively deploy SAM have an inventory of what's operating on their network, leading to better policies and practices for purchasing, deploying, updating, and retiring software. This helps minimise risk and maximise cost-savings, as businesses may find they have a surplus of licenses.
An effective SAM program has four key steps:
• Step 1 is for organisations to ascertain what software is deployed on their networks, and how much of that software is legitimate and properly licensed
• Step 2 is for organisations to align current and future business needs with the right software and the right licensing models
• Step 3 is to establish policies and procedures that ensure that SAM is part of the IT lifecycle of a business
• Step 4 is to integrate SAM into the organisation's business processes
As the latest global survey reinforces, businesses may be leaving themselves open to unnecessary cyber risks by not keeping track of what's installed on company networks. By introducing effective SAM measures, along with increased employee education, companies are able to seize the opportunity to make themselves safer, more cost-effective, and more efficient with an effective frontline defense against cyberattacks.