When the Department of Homeland Security announced a new report on the greatest threats to cybersecurity in September 2014, many people were surprised when the enemy was revealed not to be some shadowy underground terrorism organization, but instead a group that’s a little closer to home. According to DHS, the greatest threat to American cybersecurity is actually disgruntled employees.
We’ve heard a lot lately about unhappy employees and former employees committing horrific crimes at their places of employment. However, many unhappy workers commit crimes that, while perhaps not worthy of headlines, are still extremely devastating to their employers, customers, and in some cases, national security. With their intimate knowledge of corporate networks and security protocols, employees are in a unique position to create data breaches, restrict access, install malware, and generally wreak havoc on otherwise well-protected systems, especially since most of their activities appear “normal” in the course of regular network traffic.
DHS estimates that employee-driven cybercrime costs companies between $5,000 and $3 million per incident and is responsible for more than 50 percent of data breaches. One of the most common methods that these workers use to spread destruction is pirated or unlicensed software.
Fake Software, Real Consequences
Sometimes, pirated software happens accidentally: An employee finds a bargain on a tool that’s useful for work, for example, and installs it without permission.
However, a large number of employees who install pirated software know exactly what they are doing. They deliberately install software that they know is fake, or use it without a license, because they either don’t care about the consequences to their employer or actually want to cause problems. For example, an employee on the way out the door could install software that allows them to harm the network somehow — and then either launch an attack or use the program to blackmail the organization into meeting their demands.
In other cases, an employee might install software that spreads malware, reducing productivity and leading to costs in mitigating the damage. Or the program might be designed to give others unfettered access to the network. Regardless of how the software works, though, the consequences are the same: Increased costs, lowered productivity, damaged reputations, and even legal issues stemming from violating federal law.
Creating Conditions for an Audit
In the U.S., the Business Software Alliance, a non-government watchdog group, works to ensure that software is appropriately licensed and that software piracy is controlled and contained. Working within the confines of federal law, the BSA has successfully audited and brought sanctions against hundreds of companies — and recouped millions of dollars in fines — for improper use of software.
In general, when the BSA suspects that a company is using software illegally — often because of anonymous reporting or suspicious activity — it launches an investigation that includes a software audit. The software audit involves reporting all of the software that is in use within the organization as well as details about the source and licensing of the software. If the audit reveals irregularities, the company may face civil or criminal charges on behalf of the software developers.
In some cases, employees deliberately use pirated software and either wait to see if there will be a BSA audit or (a more likely scenario) make an anonymous report themselves. Considering that companies can be fined up to $150,000 for every instance of pirated software, disgruntled employees can quickly cause financial havoc — or even put the company out of business.
Keeping your organization safe from employee sabotage requires not only awareness of the issue but also steps to prevent it from occurring in the first place. At minimum, you should:
- Restrict administrator privileges to prevent the unauthorized installation of pirated or unlicensed software on employee machines.
- Conduct a software audit and use a license management tool to keep track of the applications that are installed and their license details.
- Develop a strict software compliance policy that specifically prohibits piracy and outlines consequences for noncompliance. Employees should also be trained in copyright protection, avoiding piracy, and the protocol for reporting suspected violations.
- Take steps to immediately restrict former employees' network access.
- Continuously monitor your network for signs of inappropriate use or suspicious activity.
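One way to carry out the audit and license-tracking steps in the list above, as an added example that is not from the original article: it reconciles an installed-software inventory against license entitlement records and flags installs with no entitlement, products deployed beyond their purchased seats, and installs made by accounts outside an approved installer list. All host names, product names, accounts, and field names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: one row per install found by an inventory scan.
INVENTORY = [
    {"host": "ws-001", "product": "CadSuite", "installed_by": "it-deploy"},
    {"host": "ws-002", "product": "CadSuite", "installed_by": "it-deploy"},
    {"host": "ws-003", "product": "CadSuite", "installed_by": "jdoe"},
    {"host": "ws-003", "product": "PhotoFix", "installed_by": "jdoe"},
    {"host": "ws-004", "product": "OfficePack", "installed_by": "it-deploy"},
]

# Constructed entitlement records: seats purchased per product.
ENTITLEMENTS = {
    "CadSuite": {"seats": 2},
    "OfficePack": {"seats": 10},
}

# Hypothetical account that IT uses for sanctioned deployments.
APPROVED_INSTALLERS = {"it-deploy"}


def audit(inventory, entitlements, approved_installers):
    """Return a list of (finding_type, product, detail) tuples."""
    findings = []
    hosts_by_product = defaultdict(set)
    for row in inventory:
        hosts_by_product[row["product"]].add(row["host"])
        # An install by a non-approved account shows that admin rights
        # were not restricted on that machine.
        if row["installed_by"] not in approved_installers:
            findings.append(("unapproved_installer", row["product"],
                             f'{row["host"]} by {row["installed_by"]}'))
    for product, hosts in sorted(hosts_by_product.items()):
        ent = entitlements.get(product)
        if ent is None:
            # Software in use with no license record at all.
            findings.append(("no_entitlement", product, ",".join(sorted(hosts))))
        elif len(hosts) > ent["seats"]:
            # Licensed product installed on more machines than were purchased.
            findings.append(("over_deployed", product,
                             f'{len(hosts)} installs vs {ent["seats"]} seats'))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, ENTITLEMENTS, APPROVED_INSTALLERS):
        print(*finding, sep=" | ")
```

Running the same reconciliation on a schedule, rather than once, turns it into part of the continuous monitoring the last list item calls for.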
Software developers can also help in the fight against e-sabotage. Using solutions like SafeNet embedded software monetization helps prevent unauthorized use of their products. Making it easy for organizations to track and manage entitlements via continuous monitoring can also help protect against e-sabotage.
Software piracy is a serious issue worldwide, but it’s especially important for businesses to be aware of the problem and prevent it from harming their companies. Learn exactly what software is on your network — and who is using it and how — to prevent serious and costly consequences.