Despite repeated warnings of cyber threats sent in the form of WannaCry ransomware and Fireball malware, a new study reveals that more than 60 percent of the software used by companies in India is unregulated and this pose a threat to the country’s cyber security
Many organizations secure their hardware. However, they do not pay attention to the software used, which could be unregulated, said business practices firm EY in its latest report.
As per data of Indian Computer Emergency Response Team (CERT-In), over 50,300 cyber security incidents like phishing, website intrusions and defacements, virus and denial of service attacks were observed in the country during 2016. Last month, over 100 countries were hit by ‘WannaCry’ ransomware in one of the most widespread cyber attacks in history.
According to the EY survey, over 49 per cent of chief information officers identified security threats from malware as a major threat posed by unlicensed software, while 26 per cent employees admitted to installing outside software on work computers. “Several large corporations and multinational companies have started setting up software asset management offices that would look into the leading best practices of using software including compliance and licensing terms to the software vendor,” Ramachandran pointed out.
“It has been observed that middle market companies are more concerned about running the business and may ignore peripheral matters including cyber security, she added. An organisation with stringent software asset management practices can operate a secure and cost effective IT environment,” Maya Ramachandran, Partner, Advisory Services Practice, EY said in a report.
Software asset management would address inadvertent downloads of malware through unauthorised software, or software of unknown vendors and use of removable media to download software that is not supported in a corporate environment, the advisory firm said.
It would also address issues like use of older versions of software, unauthorised connection of personal devices to corporate networks, among others. In other words, Indian companies need to upgrade cyber security infrastructure or else risk getting hacked again and lose business.