Earlier this month, BSA member Microsoft partnered with the FBI and law enforcement authorities in more than 80 countries to break up a huge cybercrime ring that had managed to steal an estimated $500 million from bank accounts in the United States, Europe and Hong Kong. The perpetrators carried out their crimes by infecting millions of PCs with a virus that effectively turned them into zombies and then conscripted them into the service of malicious computer networks known as Citadel botnets. All told, the Microsoft-FBI–led enforcement operation took down 1,400 of these botnets.
While this Citadel case is noteworthy for its breadth and scope, it is just one example of a growing wave of cyber-threats that BSA members Symantec and McAfee document regularly. For example, Symantec’s 2013 Internet Security Threat Report found a 42 percent increase in targeted attacks last year. McAfee Labs is now tracking more than 128 million samples of malware affecting clients, servers, networks and mobile platforms.
There are basic security measures that all computer users should take to guard against the global problem of malware, from installing antivirus software to using strong passwords. But there is one measure that never gets enough billing: using legal software. As a body of research shows, pirated software is more vulnerable to attacks because it is less likely to be supported with critical security patches and updates.
For enterprises in particular, that’s a recipe for costly system malfunctions, downtime and IT repairs. It’s also a strong argument for proven software asset management programs like BSA’s SAM Advantage, which aligns with the International Organization for Standardization’s SAM standard.
As we said when we first introduced SAM Advantage, the value proposition of robust software asset management is simple: “Manage your assets. Minimize your risk. Maximize your returns.” Since then, we have incorporated feedback from SAM practitioners to improve the program. We have also launched a certification for entire organizations and a first-of-its-kind license-compliance registry called Verafirm.
There are any number of business reasons to accelerate adoption of these kinds of programs, from better operational performance to avoidance of unnecessary legal and financial risks. But as the recent Citadel botnet takedown shows, there is also a persuasive security rationale. No one wants their PC to be dragooned into service as a criminal zombie when there are common-sense ways to avoid it.
