You get what you pay for: the security risks of pirated software

The only thing riskier than outdated software is pirated software.

Last month my colleague Mark Whittington wrote about the cyber security dangers posed by hanging on to Windows XP, especially with support officially ending about a year from now, but pirated software is a whole different ballgame. Not only does it include all of the same risks as unsupported software, it brings a host of terrifying new risks that global defense and national security agencies simply can’t afford.
Let’s start with the similarities. Much like outdated software, pirated products aren’t equipped with critical updating, patching, and monitoring support services that enterprises rely upon to stay secure. Cyber security is a constantly evolving effort, and Microsoft invests incredible amounts of resources to ensure that our software is adapting to emerging threats. Without incorporating these best practices on an ongoing basis, national security organizations are easy targets for increasingly sophisticated cyber enemies looking to steal sensitive information and descript national systems.
The even bigger issue is that pirated software typically comes with a hidden surprise inside – malware.  That’s right; part of the low sticker price is that you’re often purchasing software infected with viruses and spyware, or being asked to download it from infected websites. A recent study by IDC found that global enterprises have a three in 10 chance of infection from pirated software, spending approximately $114 billion per year dealing with the impact of malware-induced attacks, and incurring potential losses of $350 billion due to data breaches. That low upfront cost very quickly becomes too great a risk when the cyber threat is factored in, as criminals increasingly use pirated software as a vehicle to embed threats on sensitive networks, resulting in data loss, identity theft, and corrupted systems.
The challenge is even greater in developing regions, where the rates of pirated software are highest. As of 2008, IDC found that the Middle East and Africa had a software piracy rate of 59 percent, while a recent Microsoft study found that of a sampling of 169 PCs purchased from stores in China, 91 percent contained malware or deliberate security vulnerabilities related to pirated versions of Windows. A study of malware threats in Indonesia, Malaysia, Philippines, Thailand, and Vietnam found an average malware infection rate of 69 percent among 282 computers and DVDs.

Governments within these regions are responsible for protecting some of the most sensitive data in the world, and yet they are operating within the riskiest cyber environments, largely due to rampant piracy.  
The bottom line is that when security costs and risks are taken into account, pirated software is actually incredibly expensive. We’re working with defense and national security leaders across the Middle East, Africa, and Asia to ensure that they have cost-effective access to software that is secure, supported, and in line with their public safety goals. Pirated software is cheap for a reason – and the risk of that low price tag is too much for any government to take on.
D.A. Harris
Director, Business Development, Worldwide Defense