If you think you are saving money using counterfeit software, think again!

According to BSA | The Software Alliance, the leading advocate for the global software industry before governments and in the international marketplace, unlicensed software is highly susceptible to malicious cyber threats. They typically lack access to updates and customer support, leaving you and your business vulnerable to bugs, vulnerabilities, and other operational disruptions.

BSA Senior Director Tarun Sawney

“Unfortunately, the number of companies using unlicensed software is now on the rise around the globe,” says Tarun Sawney, BSA Senior Director, who has been driving all compliance and enforcement activities for BSA in the Asia-Pacific (APAC) region since 2001.

In Southeast Asia alone, the cost of a data breach has since reached an all-time high of more than US$3 million in 2023, marking a 6 per cent year-on-year increase.  Despite this worrying trend, unlicensed software use in large companies continues unabated, especially in the engineering and design sectors.

Unlicensed software could put public safety at risk

Recent law enforcement actions across the region have revealed that some of these companies (using unlicensed software) are involved in the design and engineering of critical public infrastructure projects, thus prompting BSA | The Software Alliance to sound the alarm.

The alliance emphasizes that using outdated and unsecured software in such projects may put public safety at risk. “Every CEO and business leader in the engineering and design industry should make it a resolution to carefully manage their software assets,” urged Sawney. 

“Governments across the region are looking closely at the software being used in public works projects, ensuring that all taxpayer-funded infrastructure projects are designed using only safe, secure, licensed software,” he further stated.

With the onset of the lunar new year, it is imperative for businesses, particularly those engaged in critical infrastructure projects, to adopt best practices designed to combat the prevalent use of unlicensed software.

In light of this, BSA has prepared a five-step plan to guide organizations in ensuring software compliance and boosting cybersecurity and safety.

1) Make licensed software your first line of defense against cybercrime

Brandcomm

Using licensed software is not just a matter of compliance; it serves as the first line of defense against cybercrime for any organization. Licensed software providers regularly release updates to address newly discovered vulnerabilities, ensuring users are equipped with the latest security measures against potential threats.

Unlicensed software, on the other hand, creates a significant level of risk for organizations. These unauthorized programs are often missing essential security updates, meaning they introduce potential system vulnerabilities that can be exploited by cybercriminals. The use of unlicensed software might expose engineering and design firms to malware, ransomware, and other threats that can compromise the integrity of their projects, expose their data, and disrupt their business operations.

Enforcing a zero-tolerance policy for unlicensed software is crucial for these organizations, as it requires every member to understand the risks associated with illegal software use. At the same time, business leaders must emphasize the role of licensed software in bolstering the organization’s cybersecurity defenses.

2) Buy software only from legitimate and trusted vendors

Opting for reputable sources ensures that the software is not only genuine but also free from malicious added code or vulnerabilities that could compromise the security of an organization’s systems. Legitimate vendors adhere to industry standards, providing regular updates and support to enhance the software’s functionality and promptly address security issues.

Moreover, companies must aim to centralize their software procurement processes. By doing so, they can establish a standardized approach to vetting and acquiring software, reducing the risk of unintentional use of unauthorized or potentially harmful programs. This approach allows for better oversight, ensuring that all software adheres to company policies, licensing requirements, and security standards.

3) Develop a robust asset management system

One crucial aspect of effective asset management is conducting regular audits of software licenses. This involves maintaining accurate records and ensuring licenses are up to date. Failure to do so may result in legal consequences and financial penalties. This practice also helps to avoid under-licensing of software, which could lead to unintended violations and compromise the integrity of the organization’s cybersecurity framework. Unsupported software can create opportunities for cybercriminals to exploit vulnerabilities.

Businesses should also realize that the integration of AI in cybersecurity systems is now a necessity. Since malicious actors are increasingly leveraging the technology to scheme sophisticated cyber attacks, businesses must keep pace with evolving threats by investing in AI-driven solutions. AI can play a pivotal role in analyzing emails and user behavior for potential threats, detecting suspicious sign-ins and user accounts, and enhancing authentication solutions. By embracing AI, organizations can fortify their defenses and proactively identify and counteract emerging cyber threats.

4) Build a culture of software compliance and cybersecurity

Raising awareness among team members is one of the crucial first steps to establishing a strong culture of software compliance and cybersecurity within an organization. Regular communication and educational sessions are essential to instil an understanding of the significance of compliance and the potential repercussions of lax cybersecurity. Businesses can invest in comprehensive training programs that cover the latest threats, compliance standards, and best practices to equip their workforce with the necessary knowledge to identify and mitigate risks. This foundational awareness can also cultivate a vigilant and proactive mindset among employees.

Moreover, fostering a collective commitment to cybersecurity is key. Actively involving team members in the organization’s cybersecurity efforts ensures a shared responsibility for maintaining a safe and secure digital environment.

5) Create practical policies that all employees can embrace

To maintain a strong compliance and cybersecurity culture, companies can adopt practical policies that promote employee participation. A key element of this approach involves establishing a clear and systematic process for reporting software non-compliance, threats, and vulnerabilities. Encouraging employees to actively engage in the identification and reporting of potential security risks is pivotal in bolstering the organization’s defense against cyber threats. This also allows the company to swiftly respond to emerging issues and implement proactive measures to minimize the impact of cybersecurity breaches.

It may also be necessary to restrict access to certain software solely to employees who have undergone proper training. This serves as a preventive measure against potential system-wide damages resulting from errors made by untrained personnel. This approach not only mitigates the risk of inadvertent mistakes but also underscores the importance of comprehensive training programs as an integral component of the organization’s cybersecurity strategy.

Using unlicensed software is against the law and may result in severe consequences, such as substantial fines and legal proceedings for violating intellectual property rights.

Looking ahead to the lunar new year, prioritizing software compliance becomes even more crucial, especially for companies involved in public works and infrastructure projects. Indeed, it is a fundamental step in ensuring the long-term security and safety of both individuals and organizations.

By Ralph Fajardo

Ralph is a dynamic writer and marketing communications expert with over 15 years of experience shaping the narratives of numerous brands. His journey through the realms of PR, advertising, news writing, as well as media and marketing communications has equipped him with a versatile skill set and a keen understanding of the industry. Discover more about Ralph's professional journey on his LinkedIn profile.