Cybersecurity: No savings from pirated software

This article first appeared in Digital Edge, The Edge Malaysia Weekly, on December 13, 2021 - December 19, 2021.

Some companies are choosing to cut the cost of digitalising by purchasing pirated software. However, this opens them to greater cybersecurity threats, not to mention reputational damage.

For instance, in early 2020, hackers broke into Texas-based SolarWinds' systems and added malicious code into the company's software system, which was distributed to more than 33,300 business customers. Accenture later released a report saying that it was because of the company's use of a compromised pirated version of Cobalt Strike software, which ironically is a cyberthreat emulation software.

In fact, studies by International Data Corp (IDC) and Business Software Alliance (BSA) between 2014 and 2018 found a strong and consistent correlation between the use of unlicensed software and malware encounters. 

According to Tarun Sawney, senior director at BSA Asia-Pacific, about one in two Malaysian businesses currently use pirated software. While this looks bad at first glance, it is a major improvement from the early 2000s, when software piracy stood at about 70%. 

From his observations, much of the demand for pirated software comes from small and medium enterprises (SMEs) looking to cut costs. These companies generally do not have well-established IT departments, relying instead on a one-man show that handles all things IT for the company.

“The biggest message we want to get across is this. You need to use licensed software, because you will take on enormous risks if you don’t. I am not referring to the legal risks of breaking any copyright laws; it is about falling victim to cyberattacks,” says Sawney.

BSA is a non-profit organisation set up in the 1980s when several software companies found that their products were being shared and copied illegally. Its goal is to protect and grow the software market, and it has since expanded its presence to more than 60 countries. 

Recently, BSA has been working with design software firm Autodesk Inc to reach out to over 20,000 firms in Southeast Asia to promote the use of legal software. It is also offering free consultations to companies seeking counsel on the software licensing process, even providing advisory services on the auditing process.


Why now?

Sawney says the cybersecurity landscape has rapidly evolved since the pandemic. He points towards reports highlighting massive spikes in malicious phishing emails in 2020, with threat actors increasingly targeting personal devices and home networks of remote workers. 

Hackers are also increasingly organised. Earlier this year, hacker group REvil launched a massive attack on July 4, affecting over 1,000 companies. It attacked when companies were vulnerable, as it knew most IT specialists and cybersecurity experts would be on holiday at the time.

“If the chief information officer (CIO) was given a limited budget and had no choice but to crack the software and use it across the organisation, it would be promoting the culture of normalising the use of unlicensed software,” says Sawney.

“But today, many people are working from home. If there were no culture of respecting the use of licensed software, employees would download pirated software from all over the internet, use it in their homes and log in under business accounts while there is still malware and holes in security.”

Fixing these security flaws not only costs the company time and resources, but also affects workers' productivity. The savings gained from using pirated software hardly justify the risks associated with it, he adds. Furthermore, using licensed software gives companies access to the latest security patches and updates, further reducing cybersecurity risks.

“This is not solely an initiative by us. Governments around the world are now making it a mandatory requirement for procurement companies to use only genuine and licensed software,” says Sawney.

“We are seeing billions being set aside for massive local infrastructure projects. Given the sensitivity and nature of such large-scale projects involving roads and bridges, companies need to ensure that these projects are carried out perfectly. They cannot risk having a building or bridge collapsing for any reason.”

To avoid these issues, companies need to take a systematic approach to ensure the use of legitimate software among employees. Sawney recommends that companies regularly conduct PC audits as the first line of defence, then establish internal company policies to prevent employees from using private consumer applications in the work environment.

Furthermore, companies need to be comfortable purchasing legal software that employees may need and make it widely available to all of them. Having a channel to accept requests for specific software certainly helps as well.

Gradual decline in piracy

Sawney sees improvement and awareness spreading across the industry. He says increasingly more CIOs are now adopting genuine software, citing security risks and potential data loss as the main motivation.

One key contributor to the decline of piracy is the advent of online subscription models. In the past, purchasing proprietary enterprise software could require an investment of more than US$4,000 (RM16,877). However, many of these products have become cheaper, with payments spread out across the year. This lowers the barrier for companies to gain access to the software.

However, there will always be a market for pirated software, says Sawney. No matter how much software makers drive down their prices, cheap can never beat free. He points to the scourge of piracy in the music and movie industry, even though the products are relatively cheaper.

Sawney also recognises the rise of open source software in the marketplace. There are always free and open source alternatives to most major software tools, such as Blender for 3D modelling and animation or DaVinci Resolve for video editing. However, paid software is generally more refined, with the parent company valued at billions of dollars due to the productivity gains from using its products.

Sawney advises Malaysian software developers to find the right balance between software protection and ease of use, as there is generally a trade-off. Making software too secure requires users to jump through hoops to access it, and the developer may lose to a competitor that provides a better user experience. Determining that balance is an aspect that these companies need to negotiate.

What would be the best way to incentivise private companies to adopt legitimate software? Sawney says it would be to disincentivise the use of pirated software so strongly that the disincentive itself becomes an incentive.

“What I mean is that, if you use unlicensed software, and your infrastructure is raided and you get prosecuted for using unlicensed software, your company reputation is forever tarnished,” says Sawney.

“This is not something that can easily fade away. It will be difficult for you to bid for and land the next big project. The disincentive of being in that predicament is so strong now that the message it sends has become the carrot instead of the stick. It is simply not worth using pirated software, especially if you are vying for multibillion-dollar projects with government entities.”

For now, BSA will continue working with government entities around the world, providing education and advice on the use of licensed software. Sawney hopes that the Malaysian government will make the use of genuine software a prerequisite for more tender projects in the future and provide a level playing field to those who lack access to these digital tools to run their businesses.