Non-genuine software invites security risks

NEW DELHI, INDIA: Non-genuine software can potentially disrupt the smooth functioning of an organizations’ operations by adversely affecting the system security infrastructure, indicates a recent study conducted by advisory firm KPMG. Many hackers create potentially dangerous software to lure those who use non-genuine software, it said in a report.

The study, titled 'An Inconvenient Reality–The unaccounted consequences of non genuine software usage', seeks to establish the significant information security implications for government and corporate organizations as well as individuals when deploying non-genuine software, said a press release.

As part of the research conducted for the report, KPMG reviewed 50 websites offering non-genuine software and/or enablers for non-genuine software usage, like key generators. The study revealed that more than 60 per cent of these websites include a varying degree of threat vectors that can potentially impact information systems security.

Speaking on the release of this report, Akhilesh Tuteja, executive director, IT Advisory Services, KPMG in India said, “Explosive growth of the Internet in the last two decades has made it one of the most used channels for acquiring software quickly and at the same time higher profit margins and minimal risks associated with counterfeiting/cracking of genuine software, have given opportunity to anti-social and anti-national elements to make non-genuine software available on the Internet as well as in the physical media.”

Threat to national security

The research performed during the development of this paper observed that the usage of non-genuine software can now be considered a significant vector in weakening the security posture at micro and macro economic levels.

A system having non-genuine software can adversely impact the overall security of a network, said KPMG. A large numbers of hackers develop potentially dangerous software disguised as software with rich functionalities to lure unsuspecting users, it warned. These users can then become part of botnets and be controlled remotely for executing large scale attacks.

Large numbers of students never or rarely pay for commercial software programs and they use the non-genuine ones thus making them more vulnerable to hackers.

According to KPMG, 39 per cent organizations surveyed reported security incident of non- genuine software detection in their IT environment. Companies using non-genuine software are 43 per cent more likely to have critical systems failure.

Some security measures

The report discusses the security programs adopted by select corporations across industry sectors for discouraging use of non-genuine software and also provides recommendations for mitigating such risks. Some of the measures that the government and industry may consider include:

Creating awareness among end users in homes, academic institutions, public and private enterprises against the usage of non-genuine software; this includes a program specially targeted towards the student community.

Working towards effective implementation of the legal and regulatory framework to discourage deployment of infected non-genuine software.

Facilitating faster and more focused punitive action for non-compliance, including establishment of special courts

Institutionalization of an internal program within the government and private organizations to manage and control deployment of software assets

Implementing controls to prevent and detect usage of non-genuine software, especially on critical Information, Communication and Telecom(ICT) infrastructure.