In this article, we look at how the risks to businesses posed by pirated software can far outweigh its benefits and how you can protect your business from the true costs of pirated software.
On the surface, there appear to be some clear benefits to using pirated software, such as acquiring the capabilities of possibly expensive and powerful software at little or no cost, getting the up-to-date capabilities of the latest versions, and reaping the commercial advantages while learning and getting the enjoyment that this can bring. There may also be a feeling that the price of the legitimate software was too high anyway and that the probably wealthy software manufacturer will not miss the potential profit it would have made on a few pirated downloads, thereby relieving users of feelings of guilt.
However, the true cost of pirated software may not simply be calculated in costs saved or lost profits. There are risks and effects that the pirated-software user may not be fully aware of. Here are some examples that help illustrate those true costs to users and their businesses.
For example, a recent investigation by Zscaler revealed that threat actors use SEO poisoning to elevate the positions of their mostly .com domain websites in the search engines for key phrases like “Adobe Acrobat Pro” or “7-Data Recovery Suite”. However, downloading their pirated software or cracks, keygens, and activators can mean downloading info-stealing malware, such as RedLine Stealer or RecordBreaker, which can steal passwords and payment data. In addition, downloading pirated software can also mean downloading other malware, ransomware, viruses, or adware which can pose a huge security risk for businesses and individual users.
Pirated software can also mean forfeiting access to a program’s essential support and security features, such as training, upgrades, customer support, manuals, and bug fixes/patches. This can mean lost time and the associated costs, added frustration, and reduced productivity in trying to learn a program. It can also mean lost features and functions or a lack of access to the latest features (making the program less effective), and can pose a security risk. Having no access to upgrades and fixes can also mean that the program is more likely to fail, causing disruption, affecting productivity, and cancelling the cost benefits of getting a free pirated version.
Using or distributing pirated software comes with the risk of some severe penalties for violating copyright law or using unlicensed software. For example, following an investigation by the Business Software Alliance (BSA), an unnamed infrastructure and public services sector organisation paid £250,000 for running unlicensed copies of Adobe, Autodesk, and Microsoft software on hundreds of PCs in several UK locations. In the US, companies or individuals can be fined up to $150,000 in penalties for every instance and could face up to five years in prison for a software piracy felony.
Malware downloaded unwittingly as part of a pirated software program could have the kind of backdoors, monitoring, and exploit capabilities that could be operated at a later date, thereby increasing a company’s risk of falling victim to cybercrime and/or data breaches further down the line.
If, for example, a business is fined (or if it becomes known that the business has been using pirated software), and is thus seen as potentially posing a risk to stakeholder data and systems, this could lead to lost customers, a breakdown in or damage to relationships with suppliers, and reputational damage.
With many more companies now exploring the risks to their own data protection compliance beyond their own company boundaries, i.e. assessing how supplier systems and practices could pose a risk to their own data protection compliance, using pirated software could cost a company business and affect supplier/customer relationships.
Although a disgruntled employee or whistleblower reporting the use of unlicensed software in a business may sound like one of the lesser risks, such a person may nevertheless become motivated to do so by revenge and the offer of a reward – even years afterwards. For example, the Business Software Alliance (BSA) says that a reward may be payable if the BSA pursues an investigation and, as a direct result of the information provided by the informant, receives a monetary settlement from the reported organisation. For example, if a company settles for $15,000 – $100,000, the informant can receive $5,000 or, in large cases, if the company settles for $800,001 – $1,000,000, the informant can receive a $50,000 payment!
Individuals who download and use pirated software at work and/or on work devices, thereby giving it access to work systems, could face disciplinary action or the threat of losing their job if this contradicts IT and security policies.
Ways that businesses can protect themselves and their employees from the risks of pirated software, unlicensed software, and other potentially dangerous “Shadow IT” software can include:
– Software asset management and monitoring, which includes keeping track of all license expiration dates, purchasing licenses to cover compliance gaps, and keeping software updated. This can include conducting audits of all installed software across the organisation, including all devices.
– Educating employees about the risks of software piracy and its legal repercussions.
– Adopting a software and hardware policy that prevents employees from installing software on work devices themselves and procedures that make software administrators responsible instead.
– Keeping a close eye on any BYOD policy, e.g. developing a clear BYOD policy that works for both the business and the employee on permitted and not permitted tasks, services that can be accessed, control limits over devices, enforcement measures and more.
– Limiting access to systems and data to a “need to use” basis, using encryption, and adopting zero-trust access can all help.
Although using pirated software may seem like a way to save money, the potential costs to the business could far outweigh those cost savings and could create weak points in security that could put the business at constant risk of cyber attacks and more. Malware, adware, and other threats that are downloaded with some pirated software are significant risks to the business, as are the potential legal penalties and reputational repercussions of being found to be using pirated and unlicensed software. Therefore, businesses need to create clear policies and procedures around software and who is responsible for installing it, pay close attention to software asset management and monitoring (including audits), and educate staff about the risks and the rules. Businesses with BYOD, for example, should be especially vigilant. Remote working using only centralised, approved cloud-based apps with restrictions in place can help reduce the risk, as can adopting zero-trust and other security-focused practices.