As businesses digitize their workflows, they also expand their digital surface area. That means more of the organisation is inter-connected and more is accessible online. It’s vital for innovation and for business success in the 21st century.
Unfortunately, with every opportunity comes a threat. For the digital era, it’s the increased risk of cyberattacks. A major cyberattack costs, on average, over $1 million in lost revenue as businesses scramble to repair the damage caused.
As all businesses become technology companies, their security needs to evolve from passwords with a mixture of numbers, letters, and symbols to something more sophisticated to reduce cybersecurity risks. However, it’s not just about having the latest technology and products. While these are vital, developing the right culture and behaviour amongst employees and management is critical too. Yes, that means not having ‘1234’ as a password and knowing how to spot suspect email attachments; but it also means having the right attitude and approach to your technology assets in the first place.
Protecting your business from cyber risks requires a structured approach to managing your software assets throughout their lifecycle. This means exerting tight control over software purchases, ensuring the software can be accessed safely by your employees and customers, and maintaining and updating (patching) the software so it continues to be secure. Finally, all too often businesses neglect the vital step of decommissioning and uninstalling unused software.
Software Asset Management (SAM) is the discipline of managing software throughout its lifecycle – it’s a critical component of your cybersecurity defenses and there’s a host of reasons to see SAM as an integral part of your organisation’s cybersecurity strategy.
In fact, 54% of CIOs surveyed in the latest BSA Global Software Survey say managing cybersecurity risks is the number one reason to avoid unlicensed software, with legal issues being second.
So how can SAM help mitigate an organisation’s cyber security risks?
BSA’s 2018 Global Software Study found that organisations that obtain and install unlicensed software packages or buy a computer with unlicensed software preinstalled face a 29% chance of encountering malware.
Software publishers are constantly finding and fixing bugs in the software they sell. To stay safe, businesses must ensure these software ‘patches’ are downloaded and installed on their applications on a regular basis. Unlicensed software doesn’t receive these patches, and you can’t contact the software publisher for help if something goes wrong.
Take the chaos caused by the Conficker worm and the Citadel botnet, for example. Within the last 10 years, infections were spread by people either downloading unlicensed software or using PCs which contained an unlicensed version of Microsoft Windows pre-infected with the malware.
Making sure software is updated and patched can be the difference between disrupted operations and business as usual.
A key component of effective SAM is a deep understanding of your business requirements and matching your software accordingly, including the removal of unused or obsolete software. Keeping out-of-date software in your operations is a bit like locking the front door while the back door is wide open. If you don’t know you have it, how can you keep it updated and protected from the latest threats?
One reason businesses use unlicensed software is to avoid upfront costs – software can be expensive and it’s not surprising that some businesses are tempted to avoid paying, particularly if they won’t use the software that often.
However, upfront savings can quickly turn into long-term losses as the direct and indirect costs of a cyber-attack mount up. This is particularly true if the attack compromises personal data and the business in question has not taken steps to protect that data properly.
Failure to adhere to the EU’s General Data Protection Regulation (GDPR) can lead to fines of up to €20 million or 4% of global annual turnover (whichever is higher). Those few hundred pounds (or euros, dollars or zloty) saved initially could be a drop in the ocean compared to the costs of a breach.
Your business can make a conscious effort not to use illegitimate software by implementing training, processes, and policies to ensure that no one purposefully installs unlicensed products. It might sound time-consuming, but these simple steps can help make it easy:
Find out more about software asset management and how you can deliver efficiencies, mitigate cyber risk, and ensure compliance in an evolving IT environment by becoming a certified SAM leader.