Software Management: Security Imperative, Business Opportunity
BSA GLOBAL SOFTWARE SURVEY, JUNE 2018

CONTENTS
Introduction
Malware Is Increasingly Pervasive, Costly, and Debilitating
Malware Infections Are Associated With Unlicensed Software
Software Asset Management Can Decrease These Cyber-Risks and Boost Bottom Lines
Global Trends
Software Asset Management: How to Protect Your Organization From Risk and Increase Value
Methodology
Endnotes

bsa.org

Introduction

Around the world, software has become one of the most ubiquitous and essential tools businesses use to perform their most fundamental everyday tasks, from tracking sales, maintaining books, targeting markets, communicating with customers, and collaborating with partners to boosting productivity. With breakthrough advances making software even more capable, organizations are increasingly using it as a catalyst for improving the way they do business, growing their bottom lines, reaching new markets, and obtaining competitive advantages.

Too often today, however, users are seeing their efforts to harness innovative technologies hampered by crippling security threats, including exposure to malware. It is increasingly clear that malware infections are tightly linked to the use of unlicensed software. As a result, many CIOs are coming to understand the true costs of unlicensed software and taking pragmatic steps to improve their software management.
To better understand these impacts and opportunities, BSA's Global Software Survey, conducted in partnership with IDC, set out to quantify the volume and value of unlicensed software installed on personal computers across more than 110 national and regional economies. The results show that, although CIOs are aware that using unlicensed software creates security risks, 37 percent of software installed on personal computers is still unlicensed. The report thus makes clear that in this era of heightened cybersecurity risk, organizations need to take the critical first step of assessing what is in their network and eliminating unlicensed software. In doing so, they can reduce the risk of harmful cyber attacks and boost the bottom line.

KEY TRENDS AND FINDINGS
Use of unlicensed software, while down slightly, is still widespread.
CIOs are finding unlicensed software is increasingly risky and expensive.
Improving software compliance is now an economic enabler and security imperative.
Organizations can take meaningful steps today to improve software management and achieve important gains.

BSA | The Software Alliance

Use of unlicensed software, while down slightly, is still widespread.
Despite a global two-point drop in unlicensed software installation rates during the last two years, unlicensed software is still being used around the globe at alarming rates, accounting for 37 percent of software installed on personal computers. Although the overall commercial value of unlicensed software has also been declining, the majority of all countries in the survey still have unlicensed rates of 50 percent or higher. These high rates don't just delay the local economic benefits that are associated with thriving technology use, they impede growth in a company's bottom line and induce unprecedented security risks.

CIOs are finding unlicensed software is increasingly risky and expensive.
Organizations now face a one-in-three chance of encountering malware when they obtain or install an unlicensed software package or buy a computer with unlicensed software on it. Each malware attack can cost a company $2.4 million on average and can take up to 50 days to resolve. To the extent that the infection leads to company downtime, or lost business data, it can also seriously affect the company's brand and reputation. The cost for dealing with malware that is associated with unlicensed software is growing too. It can now cost a company more than $10,000 per infected computer, and cost companies worldwide nearly $359 billion a year. Avoiding the security threats from malware is now the number one reason CIOs cite for ensuring the software on their network is fully licensed.

Improving software compliance is now an economic enabler and security imperative.
With growing costs from malware, business leaders are increasingly turning to fully licensed software that can be patched with the latest updates as a key line of defense against crippling malware incursions, data breaches, and other security risks. More and more leaders are also realizing that improving their ability to manage software across an entire organization can be a powerful new tool to help them decrease downtime, and significantly boost their bottom line. In fact, IDC estimates that when companies take pragmatic steps to improve their software management, they can boost their bottom line by as much as 11 percent.

Organizations can take meaningful steps today to improve software management and achieve important gains.
To access these benefits, organizations can implement proven software asset management (SAM) best practices to improve their software asset management and get more out of their technology.
SAM not only helps CIOs ensure that software running on their network is legitimate and fully licensed, it can also help decrease debilitating cyber-risks, improve productivity, reduce downtime, centralize license management, and reduce costs. Studies show that organizations can achieve as much as 30 percent savings in annual software costs by implementing a robust SAM and software license optimization program.[1]

This in-depth analysis of the use of unlicensed software shows that companies that implement strong measures to improve the way they manage software now have a powerful new tool for reducing security risks, boosting their bottom line, decreasing downtime, and growing opportunity.

Malware Is Increasingly Pervasive, Costly, and Debilitating

Around the globe, consumers, companies, and countries are increasingly finding that their efforts to harness the power and potential of new technologies are being hampered by the potentially serious threats caused by malware. These malware threats are now at an all-time high with eight new threats appearing every second of every day.[2] As they grow in frequency, they also grow in impact; they are increasingly expensive and debilitating.

The number of malware attacks continues to grow exponentially both in number and in sophistication.[3] In 2016, for example, there were 15 data breaches with more than 10 million IDs exposed, almost double the number in 2013.[4] The attacks are not only aimed at large enterprises; consumers and enterprises of all sizes are affected. In fact, in 2015, 43 percent of cyber-attacks worldwide were against small businesses with less than 250 workers.[5] And cybercriminals are now targeting mobile networks as well.
Malware variants on mobile devices increased by 54 percent last year, with 24,000 malicious mobile apps blocked every day.[6]

These attacks are also becoming increasingly expensive. The average malware attack costs a company $2.4 million.[7] Each infection can lead to costly downtime, lost productivity, lost business opportunities, and additional IT labor costs to help mitigate the attack. To the extent that the infection leads to company downtime or lost business data, it can also seriously affect the brand and reputation of a business. Making matters worse, the economic cost of these infections continues to grow, up 20 percent since 2014. Malware-related activity now costs the global economy a startling $600 billion annually, or 0.8 percent of the global GDP.[8]

Complicating efforts, these attacks are often difficult to detect and resolve. It takes an organization an average of 243 days to detect a malware attack[9] and can take up to 50 days to resolve.[10]

MALWARE IMPACTS
Organizations now face a nearly one-in-three chance of encountering malware when they obtain or install unlicensed software.
Dealing with the malware associated with unlicensed software can cost more than $10,000 per infected computer for a worldwide total of more than $359 billion.
Users are taking note: 68 percent of computer users and 48 percent of CIOs rated malware among the top three reasons not to use unlicensed software.
CIOs' top concerns from these unlicensed malware threats include the loss of corporate or personal data, system downtime, network outages, and the cost of disinfecting systems.
To help mitigate these impacts, the number of CIOs who have a formal written policy about the use of licensed software has jumped dramatically from 41 percent in 2015 to 54 percent this year.
Yet only 35 percent of workers are aware of a formal written policy, suggesting a critical education gap.
Organizations taking proactive steps are finding that a 20 percent increase in software compliance can improve a company's profits by 11 percent, a boost of more than half a million dollars for the average-sized company in the survey.

MALWARE INFECTIONS ARE ASSOCIATED WITH UNLICENSED SOFTWARE

It is increasingly clear that these malware infections are tightly linked to using unlicensed software: the higher the rate of unlicensed software use, the higher the likelihood of a debilitating malware infection. Notwithstanding that link, however, unlicensed software continues to be deployed at an alarming rate.

Around the globe a significant amount of software in use is unlicensed. Indeed, in four out of six regions (Asia-Pacific, Central and Eastern Europe, Middle East and Africa, and Latin America) the majority of software deployed on personal computers is unlicensed. (See pages 12-13.) Given the link between unlicensed software and malware infections, this creates enormous cyber-risk. IDC estimates that organizations that obtain or install an unlicensed software package or buy a computer with unlicensed software on it face a one-in-three chance (29 percent) of encountering malware.

Statistical analysis confirms this link. In countries around the globe, there is a strong and consistent correlation (r = 0.78) between using unlicensed software and encountering malware. In fact, a country's unlicensed software rate is a reliable predictor of a country's malware infection rate.

CIOs understand this link. When asked to rank the top benefits of strong software license management and better software compliance, 54 percent of CIOs listed lower security risks as the primary reason to ensure their software was fully licensed.
The link between malware and unlicensed software is top of mind for CIOs for good reason: CIOs know firsthand the debilitating consequences of a malware infection. CIOs surveyed noted their primary concern related to malware that can accompany unlicensed software is the theft of data (46 percent). They also reported significant concerns with unauthorized access to their network (40 percent), responding to potential ransomware (30 percent), system outages and downtime (28 percent), and the time and cost of disinfecting the network (25 percent). And they recognize that these are not one-off experiences. In fact, one in five (19 percent) enterprises in our survey reported they have network, website, or computer outages every few months or more and that the most common cause of security-related outages was from malware on end user computers (56 percent), making unlicensed software a prominent vector of attack.

[Figure: Unlicensed Software and Malware Encounters Are Tightly Linked. Axes: National Rate of Unlicensed Software Installation (%) and National Malware Encounter Rate (%). Source: IDC]

Top Enterprise Concerns About Malware Effects From Unlicensed Software
Loss of corporate/personal data: 46%
Unauthorized access: 40%
Ransomware: 30%
System outages/downtime: 28%
Time and cost to disinfect: 25%
Loss of IP/proprietary information: 24%
Costs to deal with breaches: 22%
Impact on customers: 21%
Impact on organization reputation: 20%
Cost to prevent: 13%

And, as noted above, these impacts can be devastating. Dealing with a cyber-attack and its aftermath can now cost a company more than $10,000 per infected computer, costing the company orders of magnitude more than what it would cost to obtain licensed versions of the software, and far more than the cost of the computer itself.
IDC estimates that it costs companies nearly $360 billion a year to deal with malware associated with unlicensed software.

CIOs Report the Top Benefits of Strong Software Compliance
Lower security risks: 54%
Less risk of legal issues: 43%
Increased IT productivity: 35%
Protection of corporate brand: 28%
Customer or trading partner satisfaction: 26%
Increased end user productivity: 26%
Lower software costs: 20%
Less disruption from audits: 19%
Better relationship with vendors: 16%

MALWARE RISKS CAN TRANSLATE INTO SIGNIFICANT REAL-WORLD PROBLEMS

Lack of software asset management, and reliance on unlicensed software, is having huge security impacts around the globe, especially in countries with high rates of unlicensed software. For example:

China, where a whopping 66 percent of software is unlicensed, has suffered from disproportionately devastating malware attacks that crippled an estimated 40,000 Chinese institutions. Just one malware attack traversed unpatched, unlicensed software so rapidly that it crippled prestigious research institutions like Tsinghua University, halted the electronic payment systems throughout the country at PetroChina's gas stations, shut down ATMs run by the Bank of China, and impacted the operations of major companies like China Telecom and Hainan Airlines.

Finnish cybersecurity company F-Secure reports that the large number of computers running unlicensed