Cyber-criminals are targeting SMEs in the business supply chain as a way of getting into big enterprises. Installation and use of legal and fully licensed software are a critical first step of defense and ensure security patches from legitimate software vendors
Cyber-criminals are increasingly targeting small-and-medium sized enterprises (SMEs) worldwide, taking advantage of their weaknesses due to the lack of sufficient resources to defend themselves against cyber-attacks. In the business supply chain, SMEs can help cyber-criminals illegally intrude big enterprises during their online transactions.
The Department of Intellectual Property (DIP), the Economic Crime Division (ECD) and the Association of Thai Software Industry (ATSI) join forces to launch the national campaign “Safe Software, Safe Nation” for the second year to raise awareness amongSMEs regarding installation and use of software within their organizations. At a minimum requirement, SMEs should know which software is being installed, run, and used and ensure only legal and fully licensed software is in place. This way will eliminate the risk of illegal cyber intrusion into the company’s networkand ensure the delivery ofsecurity updates and services from legitimate vendors when security breaches are identified.
A recent study by IDC found that there is a strong positive correlation (0.79) between the presence of unlicensed software and the likelihood of encountering malware.By comparison, the correlation between education and income is 0.77, which means organizations that useunlicensed software are at a higher risk of being malware encounters.
“Therefore, under the ‘Safe Software, Safe Nation’ campaign Year2, the necessity of Software Asset Management (SAM) practices will be underlined. We will educate SMEs on how to manage software assets including licensing agreements, which will enable SMEs to optimize software usage and investment to achieve their business goals. Besides, SAM practices will also help them mitigate legal and cybersecurity risks,” said Mr. PitakUdomwichaiwat, the DIP’s Deputy Director-General.
Under the Thailand 4.0 Policy, the Thai government is advocating for SMEs to innovate products and services and leverage technology, including software that supports their e-commerce businesses, to enhance their competitiveness in the global market and to drive the country’s economic growth. However, one of the weaknesses is that SMEs are at a high risk of cybercrimesdue to their lack of financial resources, knowledge, expertise, and capability in defending themselves against cyber-attacks, compared with big enterprises. This weakness motivates cyber-criminals to target SMEs as means to get into big enterprises in the business supply chain.
Pol. Colonel.Winai Wongbuppa, Deputy Commander of the Economic Crime Division, the Royal Thai Police, said:“Cyber-attacks are all costly and may leave an impactfar beyond the damage to SMEs themselves. The effects mayinclude the threat of litigation and potential liability for failing to protect confidential information of business partners, employees, and stakeholders,as well as loss of reputation, customers, business opportunities, and income.”
From January to May this year, ECD raided 78 companies for use of illegal and unlicensed software and found more than 130 million baht in infringement value. While the average annual revenue per company is more than 150 million baht, the average infringement value per company is merely 1.67 million baht. Most raided companies are located in Bangkok and surrounding provinces.
Mrs.JanechiraPrayoonrat, President of the Association of Thai Software Industry,added:“Business organizations using unlicensed software will not have the right to receive security updates and patches from legitimate vendors. Thismay cause their network to fall prey to cyber-attacks.”
Symantec’s 2016 Internet Security Threat Report reveals, in 2015, Thailand had an average of 14 attacks a day. Moreover, according to Microsoft Security Intelligence Report Volume 21, Thailand was ranked 8th for top markets in Asia-Pacific under malware threats in the second quarter of 2016. These reports supplement IDC’s study in 2016 that Thailand is at a high risk of cyber-attacks given itshigh rate of unlicensed software useat 69% compared with the average rate of 61 % for Asia.