Companies should be aware of the potential danger of malware from utilizing unauthorized software
In the digital age, implementing internal controls for the legal use of technology has never been more critical. According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), it is now so vital that it is recommended in COSO's revised Internal Control - Integrated Framework [1].
A recent study confirms the connection between unlicensed software and cybersecurity threats. Unlicensed software often lacks proper security controls, may contain malware, and is not regularly updated or patched. This creates vulnerabilities that threat actors can exploit to gain unauthorized access, move laterally within networks, and maintain persistence [1].
The BSA Software Alliance and IDC study reveals that businesses employing unlicensed software face a higher risk of cybersecurity incidents, including malware infections, data breaches, and ransomware attacks. Unlicensed or pirated software often bypasses security vetting, leading to gaps in protection that attackers exploit [1].
To mitigate these risks, the BSA Software Alliance recommends several steps:
- Implementing application control measures such as allowlisting to prevent unauthorized or unlicensed software execution.
- Conducting regular audits of software assets to identify and remove unlicensed software.
- Enforcing strict software license compliance policies to ensure all installed software is authorized and up to date.
- Using security tools to detect unusual execution patterns typical of malicious software or unauthorized remote access tools.
- Training employees about the cybersecurity risks associated with unlicensed software and encouraging compliance with licensing requirements.
These steps help organizations ensure software legitimacy, reduce vulnerabilities, and bolster their defenses against threat actors who exploit unlicensed or poorly controlled software environments [1].
Securing access through VPNs or approved remote access solutions, monitoring logs for abnormal software activity, and blocking unauthorized network ports further reduce risk linked to unlicensed software exploitation [1].
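The audit and allowlisting steps above can be turned into a repeatable check. The following is an added example, not BSA tooling or anything from the article: it compares a constructed software inventory (shaped like an endpoint-management export) against a hypothetical approved-software catalogue and flags installs that are not on the allowlist, come from an unexpected publisher, are unsigned, are below the minimum patched version, or have no licence record.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class InstalledApp:
    name: str
    version: str
    publisher: str
    signed: bool         # binary carries a valid publisher signature
    license_key: str     # empty when no licence record exists for the install

# Approved software catalogue: product name -> (expected publisher, minimum
# patched version). Hypothetical entries, not a real allowlist.
ALLOWLIST = {
    "AcmeOffice": ("Acme Corp", (5, 2)),
    "PatchAgent": ("Acme Corp", (1, 9)),
}

def parse_version(version: str) -> tuple:
    """'5.2.1' -> (5, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

def audit(inventory):
    """Return {(name, version): [reasons]} for each install failing policy."""
    findings = {}
    for app in inventory:
        reasons = []
        entry = ALLOWLIST.get(app.name)
        if entry is None:
            reasons.append("not on allowlist")          # unauthorized software
        else:
            publisher, min_version = entry
            if app.publisher != publisher:
                reasons.append("publisher mismatch")    # lookalike / repackaged
            if parse_version(app.version) < min_version:
                reasons.append("below minimum patched version")
        if not app.signed:
            reasons.append("unsigned binary")
        if not app.license_key:
            reasons.append("no licence record")         # unlicensed install
        if reasons:
            findings[(app.name, app.version)] = reasons
    return findings

# Constructed sample inventory, shaped like an endpoint-management export.
SAMPLE_INVENTORY = [
    InstalledApp("AcmeOffice", "5.3.0", "Acme Corp", True, "ACME-1234"),
    InstalledApp("AcmeOffice Portable", "5.3.0", "Unknown", False, ""),
    InstalledApp("PatchAgent", "1.4.2", "Acme Corp", True, "PA-0001"),
    InstalledApp("PatchAgent", "2.0.0", "Acme C0rp", True, ""),
]
```

Feeding a real inventory export into `audit()` gives the remove-or-review list that the audit step calls for; the version and publisher checks also catch the unpatched and repackaged copies the article warns about.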
The risks from cybercrime are real and extraordinary for businesses. In the past year, 43% of companies experienced a data breach, and the average organization experiences a malware event every three minutes [1]. Malware protection should be a priority on the risk agenda for organizations.
This information comes from Jodie Kelley, General Counsel and Senior Vice President of BSA, The Software Alliance. She emphasizes that CEOs should start implementing best practices to mitigate security risks and avoid their business becoming tomorrow's news headline.
For more information on additional steps to take, visit BSA's website [2]. The world-class standard for Software Asset Management is ISO/IEC 19770-1:2012 [1]. Business leaders are struggling to protect their businesses from cybercrime; assessing what is in your network and eliminating unlicensed software could help reduce the risk of cybersecurity incidents [1].
In 2014, 43% of the software installed on PCs globally was unlicensed, resulting in enterprises spending $491 billion as a result of malware associated with counterfeit and unlicensed software [1]. The correlation between the use of unlicensed software and malware is higher than the correlations between education and income, or that between smoking and lung cancer [1].
Sources:
[1] BSA Software Alliance: www.bsa.org
[2] For more information on additional steps to take: www.bsa.org/software-protection
- It's crucial for businesses to be aware that the use of unlicensed software can lead to significant cybersecurity risks, such as malware infections, data breaches, and ransomware attacks, as advised by Jodie Kelley, General Counsel and Senior Vice President of BSA, The Software Alliance.
- To fortify their defenses against threat actors who exploit unlicensed or poorly controlled software environments, businesses should consider implementing measures like application control, software audits, strict software license compliance policies, using security tools, employee training, and secure network access solutions, as recommended by the BSA Software Alliance.