BSA Verafirm | Blog

How SAM Can Reduce Your Organisation's Cyber Security Risks

Written by Blog Author | Jul 23, 2019 9:59:23 PM

As businesses digitize their workflows, they also expand their digital surface area. That means more of the organisation is interconnected and more of it is accessible online. This is vital for innovation and for business success in the 21st century.

Unfortunately, with every opportunity comes a threat. For the digital era, it’s the increased risk of cyberattacks. A major cyberattack costs, on average, over $1 million in lost revenue as businesses scramble to repair the damage caused.

As all businesses become technology companies, their security needs to evolve from passwords made of a mixture of numbers, letters, and symbols to something more sophisticated in order to reduce cybersecurity risks. However, it’s not just about having the latest technology and products. While these are vital, developing the right culture and behaviour amongst employees and management is critical too. Yes, that means not having ‘1234’ as a password and knowing how to spot suspect email attachments; but it also means having the right attitude and approach to your technology assets in the first place.

Managing software assets to reduce cyber risk

Protecting your business from cyber risks requires a structured approach to managing your software assets throughout their lifecycle. This means exerting tight control over software purchases, ensuring the software can be accessed safely by your employees and customers, and maintaining and updating (patching) the software so it continues to be secure. Finally, all too often businesses neglect the vital step of decommissioning and uninstalling unused software.

Software Asset Management (SAM) is the discipline of managing software throughout its lifecycle – it’s a critical component of your cybersecurity defenses and there’s a host of reasons to see SAM as an integral part of your organisation’s cybersecurity strategy.

In fact, 54% of CIOs surveyed in the latest BSA Global Software Survey say managing cybersecurity risks is the number one reason to avoid unlicensed software, with legal issues being second.

So how can SAM help mitigate an organisation’s cyber security risks?

Malware and unlicensed software – the Bonnie and Clyde of cybersecurity

BSA’s 2018 Global Software Study found that organisations that obtain and install unlicensed software packages or buy a computer with unlicensed software preinstalled face a 29% chance of encountering malware.

Software publishers are constantly finding and fixing bugs in the software they sell. To stay safe, businesses must ensure these software ‘patches’ are downloaded and installed on their applications on a regular basis. Unlicensed software doesn’t receive these patches, and you can’t contact the software publisher for help if something goes wrong.

Take the chaos caused by the Conficker worm and the Citadel botnet, for example. Within the last 10 years, both spread through people either downloading unlicensed software or using PCs that shipped with an unlicensed version of Microsoft Windows already infected with the malware.

Making sure software is updated and patched can be the difference between disrupted operations and business as usual.

Knowledge (of your software) is power

A key component of effective SAM is a deep understanding of your business requirements and matching your software accordingly, including the removal of unused or obsolete software. Keeping out-of-date software in your operations is a bit like locking the front door while the back door is wide open. If you don’t know you have it, how can you keep it updated and protected from the latest threats?

Up-front savings translate to long-term losses

One reason businesses use unlicensed software is to avoid upfront costs – software can be expensive and it’s not surprising that some businesses are tempted to avoid paying, particularly if they won’t use the software that often.

However, upfront savings can quickly turn into long-term losses as the direct and indirect costs of a cyberattack mount up. This is particularly true if the attack compromises personal data and the business in question has not taken steps to protect that data properly.

Failure to adhere to the EU’s General Data Protection Regulation (GDPR) can lead to fines of up to €20 million or 4% of global annual turnover (whichever is higher). That few hundred pounds (or euro, dollars or zloty) saved initially could be a drop in the ocean compared to the costs of a breach.

Avoid unlicensed software to protect your business

Your business can make a conscious effort not to use illegitimate software by implementing training, processes, and policies to ensure that no one purposefully installs unlicensed products. It might sound time-consuming, but these simple steps can help make it easy:

  1. Have a software asset management role assigned to an employee who makes sure software is acquired, deployed, used and retired in a controlled manner.
  2. Have a written policy that employees can sign, making them aware of their responsibilities for looking after IT equipment, software, and information assets, as well as their obligations when using IT services such as the internet, email or collaboration tools.
  3. Only procure software from publisher-certified partners to ensure that the software you buy is legitimate and properly licensed.
  4. Carry out regular audits of your IT systems to ensure you have not over-installed software or cloud services and that your employees are not making use of unlicensed software.
  5. Make sure that your software is regularly updated, and obsolete or unused software is removed to stop hackers exploiting vulnerabilities.
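As an added example (not from the article or from BSA), the Python below shows the reconciliation behind steps 4 and 5: it compares a constructed installation inventory against a constructed licence register and flags installs with no entitlement, installs from unapproved sources, versions behind the current patch level, software past publisher support, and more installs than purchased seats. Host names, product names and the register fields are all assumptions made for the example.

```python
from collections import Counter
# Constructed sample data (not from the article): one row per installation
# found by an endpoint inventory scan, plus the licence register SAM maintains.
INVENTORY = [
    {"host": "ws-01", "product": "OfficeSuite", "version": "3.2", "source": "certified-partner"},
    {"host": "ws-02", "product": "OfficeSuite", "version": "3.2", "source": "certified-partner"},
    {"host": "ws-03", "product": "OfficeSuite", "version": "2.9", "source": "unknown"},
    {"host": "ws-01", "product": "LegacyViewer", "version": "1.0", "source": "certified-partner"},
    {"host": "ws-02", "product": "ArchiveTool", "version": "5.1", "source": "download-site"},
]
# product -> entitled seats, latest patched version, whether the publisher still supports it
REGISTER = {
    "OfficeSuite": {"seats": 2, "current": "3.2", "supported": True},
    "LegacyViewer": {"seats": 5, "current": "1.0", "supported": False},
}
APPROVED_SOURCES = {"certified-partner"}

def parse_version(text):  # '3.2' -> (3, 2) so versions compare numerically, not as strings
    return tuple(int(part) for part in text.split("."))

def audit(inventory, register, approved_sources):
    """Reconcile installs against entitlements; return (category, host, product, detail) findings."""
    findings = []
    for rec in inventory:
        host, product = rec["host"], rec["product"]
        entry = register.get(product)
        if entry is None:
            # Nothing in the register: no proof of licence, no publisher support, no patches.
            findings.append(("UNLICENSED", host, product, "not in licence register"))
            continue
        if rec["source"] not in approved_sources:
            findings.append(("UNAPPROVED_SOURCE", host, product, rec["source"]))
        if parse_version(rec["version"]) < parse_version(entry["current"]):
            findings.append(("OUTDATED", host, product, f"{rec['version']} < {entry['current']}"))
        if not entry["supported"]:
            findings.append(("END_OF_SUPPORT", host, product, "remove or replace"))
    # Seat count check: more installs than entitlements is itself unlicensed use.
    installs = Counter(rec["product"] for rec in inventory)
    for product, n in installs.items():
        entry = register.get(product)
        if entry and n > entry["seats"]:
            findings.append(("OVER_INSTALLED", "*", product, f"{n} installs, {entry['seats']} seats"))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, REGISTER, APPROVED_SOURCES):
        print(" | ".join(finding))
```

Each finding maps to one of the article's remediations: buy or remove (UNLICENSED, OVER_INSTALLED), reinstall from a certified partner (UNAPPROVED_SOURCE), patch (OUTDATED), or decommission (END_OF_SUPPORT).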

Find out more about software asset management and how you can deliver efficiencies, mitigate cyber risk, and ensure compliance in an evolving IT environment by becoming a certified SAM leader.