CIOs using unlicensed software could be putting their organization at greater risk of malware attack, according to a report released last week.
Last month, the Business Software Alliance released a white paper, “Unlicensed Software and Cybersecurity Threats”, that draws a direct correlation between software used without a license and cybersecurity threats.
The report, commissioned from IDC, used the research firm’s data along with information from Microsoft to quantify this link globally. It charted instances of unlicensed software across 81 countries, and correlated those with the rate of malware encounters from Microsoft’s Security Intelligence Report, which explores activity on 600 million users’ computers each month.
The report found a high instance of malware encounters in unlicensed software: as the instances of unlicensed software increased, the malware encounter rate also went up.
In the US, for example, where the unlicensed software rate is 18 per cent, malware encounters reached just 13 per cent each quarter. But in Indonesia, which has an 84 per cent unlicensed software rate, malware encounters averaged 44 per cent per quarter.
The figures support a warning issued by the FBI in 2013, which reminded consumers that pirated software may well contain malware. Some botnet operators have also been known to install malicious software by distributing unlicensed software to unwitting users.
The report points to empirical evidence as proof that this correlation is more than just coincidence. It points to a study conducted last year by IDC and the National University of Singapore. The report found that unlicensed software users had a one-in-three chance of being infected by malware.
The incidence of unlicensed software in Canada is higher than in the US at 25 per cent, although it suffers from the same malware infection rate of 13 per cent. The country has $1.08 million of unlicensed software installed, according to the BSA’s global study in June 2014, while the value of licensed software on Canadian computers is $3.27 million.
These rates are said to have come down over the last few years, from 33 per cent in 2007, although significantly, University of Ottawa law professor Michael Geist found in 2009 that the figures for Canada were estimated, rather than taken from survey data.
In its 2014 report, the BSA stated that it surveyed people in 74 countries. The report displayed statistics for 110 countries, along with several countries in the ‘other’ categories. It uses calculations based on installed and paid-for software.
CIOs managing their software licenses in Canada have several models to choose from. Traditional on-premise software licensing sees them buying licenses outright under a perpetual ownership model. They may then pay for major upgrades every couple of years.
Cloud-based SaaS-style contracts are often handled on a monthly or quarterly basis, effectively regulating the cost of the software into smaller, more frequent payments.
The third option, software subscriptions, sees software installed on-premise but paid for on a subscription model. Microsoft has been a strong supporter of this with its Software Assurance model, and also pushed subscription deals with Office 2013. With the release of Windows 10, it also hinted at a subscription model for its operating system.
These models offer benefits to the customer, in the form of a cheaper immediate cost, although they discourage disk-huggers who may not wish to upgrade to new versions for years. Subscription models also benefit the vendor with a regular income, and potentially enable it to sell ongoing services atop the basic subscription license.
If IDC’s findings are correct, Canadian CIOs could face more than an awkward call from the vendor if they’re using unlicensed software.