Thursday, March 20, 2014

Cost of Cyber-Security Breaches Highest in Asia Pacific

New study finds malware infections in computers due to pirated software.
Businesses and consumers in Malaysia still on Windows XP are at risk to security threats including viruses, spyware and malware

KUALA LUMPUR, March 19 2014 — Enterprises in Asia Pacific (APAC) are expected to spend nearly USD$230 billion1 in 2014 to deal with issues caused by malware deliberately loaded onto pirated software — USD$59 billion dealing with security issues and USD$170 billion dealing with data breaches — according to a new joint study conducted by IDC and the National University of Singapore (NUS). APAC consumers, on the other hand, are expected to spend USD$11 billion this year because of security threats and costly computer fixes stemming from malware on pirated software.

The study, titled “The Link Between Pirated Software and Cybersecurity Breaches,” also reveals that 65 percent of APAC consumers surveyed say their greatest fear from infected software is the loss of data, files or personal information, followed by unauthorized Internet transactions (48 percent) and potential identity theft (47 percent). However, 41 percent of those same respondents do not install security updates, leaving their computers open to attack by cybercriminals.

Government officials expressed concern about the potential impact of cybersecurity threats to their nations. According to the survey, APAC governments are most worried about the unauthorized access to confidential government information (57percent), the impact of cyberattacks on critical infrastructure (56 percent), and the loss of business trade secrets or competitive information (55 percent). It is estimated that governments worldwide could lose more than USD$50 billion to deal with the costs associated with malware on pirated software.

“The effect of cybercrime is financially devastating for consumers, companies, and governments alike” said Jeff Bullwinkel, Associate General Counsel and Director of Legal and Corporate Affairs, Microsoft Asia Pacific and Japan. “Cybercriminals are always looking for new ways to break into computer networks to take your money, steal your identity, and passwords for financial gain. The Microsoft Cybercrime Center is committed to putting an end to these acts to keep personal and financial data safe and secure.”
The study was released today as part of Microsoft’s “Play It Safe” campaign, a global initiative to create greater awareness of the connection between malware and piracy.

“The “Play It Safe” campaign seeks to educate businesses and consumers to be more aware of the risks associated with pirated software and to take proactive steps to ensure that their PCs and devices come with genuine software,” said Amrita Sapre, Windows Business Group Lead for Microsoft Malaysia. Amrita further explained that the risks associated with pirated software can be devastating if left unchecked. “One of the hidden costs of using pirated software is the likelihood of encountering nasty, unwanted code, either in the software itself, via code that can get downloaded or installed along with it, or on PCs with pirated software installed on them. Much of this malware is created by criminal organizations with illegal financial gain, data theft, espionage, or other mayhem in mind.”

Amrita also explained that with Windows XP support now ending soon, Malaysians should consider taking pre-emptive measures to ensure that these risks are avoided. “With Windows XP end of support now just days away, we encourage both businesses and consumers to migrate to a more current and safer platform, like Windows 8. While we understand that Windows XP was one of the most popular operating systems in Microsoft’s history, it was not designed to handle the challenges of today, such as the increased exposure to cyber-attacks and demands for more data privacy. In fact, Microsoft’s latest Security Intelligence Report (Vol. 15) found Windows XP SP3 to be 5.68 times more vulnerable than Windows 8 RTM, along with a staggering 82.4% higher malware infection rate. The simple fact is, the odds of one getting compromised and losing valuable personal information on a Windows XP machine is far higher than on a modern, Windows 8 devices.”

Dr. Amirudin Abdul Wahad, CEO of Cybersecurity Malaysia has also previously commented, “Whether you’re an SMB or consumer in Malaysia, the dangers of continued use of XP are real and the risks should not be under-estimated. Windows XP is three generations behind Microsoft’s most modern operating system so continuing to use PCs with XP is similar to driving a car without a seat belt or a motorbike without a helmet. The risks are real and the only way to protect yourself and the organization is to upgrade.”

Additional highlights from the survey include the following:
The world’s highest enterprise losses will come from APAC (USD$138 billion) and will be at the hands of organized criminals.
In Asia Pacific 32 percent of the pirated software in enterprises is installed by employees.
29 percent of APAC enterprise respondents reported security breaches causing network, computer or website outages occurring every few months or more; 66 percent of those outages involved malware on end-user computers.
Infection rates are higher in emerging markets, where more consumers and enterprises acquire software and PCs from suspect sources – small specialty shops, street markets, consultants etc. China and Thailand had the highest rate of PC infections and of infections of software bundled with PCs.
Only 40 percent of all PCs are used in Asia Pacific but IDC estimates that the region will account for 47 percent of the world’s pirated software in 2014.
Despite lower labour costs to deal with pirated software in Asia Pacific, the region’s higher rate of infection and higher number of pirated software units are responsible for extensive recovery costs.

“Using pirated software is like walking through a field of landmines: You don’t know when you’ll come upon something nasty, but if you do it can be very destructive,” said John Gantz, chief researcher at IDC. “The financial hazards are considerable, and the potential losses could leave once-profitable businesses on shaky ground. Buying legitimate software is less expensive in the long run — at least you know that you won’t get anything ‘extra’ in the form of malware.”

The NUS forensics analysis of 203 new PCs loaded with pirated software found that a staggering 61 percent of the PCs were pre-infected with unsafe malware, including Trojans, worms, viruses, hacktools, rootkits and adware. These PCs, purchased through resellers and PC shops in 11 markets, included more than 100 discrete threats.

 “It is hugely concerning that brand new PCs are coming pre-infected with dangerous malware due to pirated software, making the users and companies readily vulnerable to security breaches,” said Associate Professor Biplab Sikdar, Department of Electrical & Computer Engineering, National University of Singapore. “The university’s forensic tests clearly indicate how cybercriminals are increasingly leveraging the unsecure supply chain of piracy to spread malware and compromise PC security in a serious way. We would only recommend usage of genuine software for online safety and cybersecurity.”

A recent forensic study further supports NUS’ analysis by citing that 1 in 2 PCs running counterfeit software in Malaysia was infected with malware – including highly dangerous “Zeus” Trojan – across well-known PC brands.

“Many people assume that buying a name-brand PC is all that’s required to guarantee a good and safe computing experience. They don’t think twice about the software sold with the computer, and whether or not it’s pirated,” added Amrita. “But consumers and businesses need to beware: while they might think there are great deals to be had by looking the other way, the hidden cost of pirated software is significant, and contrary to popular belief, can’t be remedied by simply running anti-virus software. If a consumer can’t verify that the computer they purchased was installed with a genuine copy of Windows, their risk of exposure to viruses and spyware—and the potential for data corruption, theft and financial loss—increases exponentially.”

The global study surveyed 1,700 (807 APAC) consumers, IT workers, chief information officers, and government officials in Brazil, China, France, Germany, India, Indonesia, Japan, Mexico, Poland, Russia, Singapore, Ukraine, the United Kingdom, and the United States, and analyzed 203 computers acquired in Brazil, China, India, Indonesia, Mexico, Russia, South Korea, Thailand, Turkey, Ukraine, and the United States. This year’s research is an extension of IDC’s 2013 study, “The Dangerous World of Counterfeit and Pirated Software,” differentiated by the attitude of government officials as well as the analysis of new markets, making the economic connection to cybercrime.

Avoid the hidden cost of software piracy

Microsoft also advises consumers and businesses to take the following steps to avoid the inadvertent purchase of pirated software:
When purchasing a new PC, always insist on installing a genuine copy of the operating system.
Buy from a trusted or authorized reseller and avoid deals that seem “too good to be true.”
Ensure all software purchases come in their original packaging.
When buying a PC with Windows, look for the genuine label and Certificate of Authenticity that Microsoft requires be affixed to all PCs on which Windows is pre-installed. As a further check after purchase, log on to to confirm the label is authentic.

Whether an individual user, a small business, enterprise or even a government institution, all are encouraged to buy new computers from reputable sources to ensure they receive genuine software. Microsoft is committed to protecting its unsuspecting consumers from downloading or purchasing nongenuine software that exposes victims to malware that can lead to identity theft, loss of data and system failures. Customers are encouraged to visit to learn more about malware and ensure their machines are not infected; if malware is present, the site offers tools to remove the infection.

No comments: