Mumbai: More than 60 percent of the software used by companies in India is unregulated which poses a threat of cyber attacks, according to business practices firm EY.


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

"Many organisations secure their hardware. However, they do not pay attention to the software used, which could be unregulated," Maya Ramachandran, Partner, Advisory Services Practice, EY told PTI.


"More than 60 per cent of software used by companies in India is unregulated, which can pose a threat to cyber security," she added.


As per data of Indian Computer Emergency Response Team (CERT-In), over 50,300 cyber security incidents like phishing, website intrusions and defacements, virus and denial of service attacks were observed in the country during 2016.


Last month, over 100 countries were hit by 'WannaCry' ransomware in one of the most widespread cyber attacks in history.


According to a recent EY survey, over 49 per cent of chief information officers identified security threats from malware as a major threat posed by unlicensed software, while 26 per cent employees admitted to installing outside software on work computers.


"Several large corporations and multinational companies have started setting up software asset management offices that would look into the leading best practices of using software including compliance and licensing terms to the software vendor," Ramachandran pointed out.


However, middle market companies are more concerned about running the business and may ignore peripheral matters including cyber security, she added.


An organisation with stringent software asset management practices can operate a secure and cost effective IT environment, she said.


Software asset management would address inadvertent downloads of malware through unauthorised software, or software of unknown vendors and use of removable media to download software that is not supported in a corporate environment.


It would also address issues like use of older versions of software, unauthorised connection of personal devices to corporate networks, among others.