Piracy of software in South Africa "alarming" — over R4 billion's worth

Most of my games are legal, my girlfriend won't be!

:D

Pedobear-pedo-bear-29034465-500-498.jpg
 
This is and has always been complete and utter bullshit. Take Microsoft's Volume Licencing, MS will check every so often (typically 3-5 years) if you're complying to your subscription and will rely for the most part on self-verification. If you're licensed for say 250 users and you find yourself having 300 users at some point you will have 50 "pirated" copies of Windows, Office, etc running. But these will all still be updated, patched and supported as part of your volume licence. Once you do a true-up on you agreement you'll pay for 300 users. Problem solved.

Plenty of enterprise software these days work on a subscription, always-on, cloud based licencing or some other method of verification to ensure legitimacy. Red Hat as an example you pay to ensure that you can download updates from the Red Hat repository, you stop paying and you're unable to download updates from the official repository and you lose support. The Operating System is still operational, it's not compromising your security in any way.

To attack their "key" findings directly :

- Cyberattacks cost businesses more than $400b in 2015 : Yeah, sure and most of those could have been prevented if basic security practices were employed (properly configured firewalls, Anti-virus, anti-malware, IDS/IPS systems, etc etc) How many of these cyberattacks were breaches by external parties hacking their way in and how many were due to "check out this cute bunny" emails or just plain social engineering?
- A strong connection exists between cyberattacks and the use of illegitimate or unlicenced software : Yes, and the Divorce rate in Maine correlates with Per capita consumption of margarine. You can get correlation between many factors if you dig deep enough. Using cracked software that's infected with malware will compromise your security, but then again, where is your anti-virus, etc etc.
- Too many CIOs are not controlling their networks, bla bla bla : The tools exist, some cost money. Executives want bonuses, so why spend money on software that will tell you to spend more money on more software? Also, have you ever taken away a users rights to install software? What about disabling mass storage devices attached to USB ports? Disable google drive, dropbox, etc?
- "Admitted installing outside software on work computers" : Yes, outside software like Chrome, Firefox, 7zip, etc is the problem. </Sarcasm>
- Mobile devices and policies : Seriously? You get MDM software, most companies won't pay for that shit and just let people connect any crap to their WiFi network. Execs wants bonuses, software costs money, denied. Exec has wants his daughters iPad to connect to corporate WiFi, is allowed because he is an exec.

</Rant> The problem is not cyberattacks, it's not unauthorized software, it's not poor or missing policies (for the most part). The issue is that most executives or business owners really don't care. They want something to work while spending the least amount of money possible. Sometimes this will mean skirting the law and pirating software, other times it will mean turning a blind eye to someone pirating software as long as the job gets done.
 
This is and has always been complete and utter bullshit. Take Microsoft's Volume Licencing, MS will check every so often (typically 3-5 years) if you're complying to your subscription and will rely for the most part on self-verification. If you're licensed for say 250 users and you find yourself having 300 users at some point you will have 50 "pirated" copies of Windows, Office, etc running. But these will all still be updated, patched and supported as part of your volume licence. Once you do a true-up on you agreement you'll pay for 300 users. Problem solved.

Plenty of enterprise software these days work on a subscription, always-on, cloud based licencing or some other method of verification to ensure legitimacy. Red Hat as an example you pay to ensure that you can download updates from the Red Hat repository, you stop paying and you're unable to download updates from the official repository and you lose support. The Operating System is still operational, it's not compromising your security in any way.

To attack their "key" findings directly :

- Cyberattacks cost businesses more than $400b in 2015 : Yeah, sure and most of those could have been prevented if basic security practices were employed (properly configured firewalls, Anti-virus, anti-malware, IDS/IPS systems, etc etc) How many of these cyberattacks were breaches by external parties hacking their way in and how many were due to "check out this cute bunny" emails or just plain social engineering?
- A strong connection exists between cyberattacks and the use of illegitimate or unlicenced software : Yes, and the Divorce rate in Maine correlates with Per capita consumption of margarine. You can get correlation between many factors if you dig deep enough. Using cracked software that's infected with malware will compromise your security, but then again, where is your anti-virus, etc etc.
- Too many CIOs are not controlling their networks, bla bla bla : The tools exist, some cost money. Executives want bonuses, so why spend money on software that will tell you to spend more money on more software? Also, have you ever taken away a users rights to install software? What about disabling mass storage devices attached to USB ports? Disable google drive, dropbox, etc?
- "Admitted installing outside software on work computers" : Yes, outside software like Chrome, Firefox, 7zip, etc is the problem. </Sarcasm>
- Mobile devices and policies : Seriously? You get MDM software, most companies won't pay for that shit and just let people connect any crap to their WiFi network. Execs wants bonuses, software costs money, denied. Exec has wants his daughters iPad to connect to corporate WiFi, is allowed because he is an exec.

</Rant> The problem is not cyberattacks, it's not unauthorized software, it's not poor or missing policies (for the most part). The issue is that most executives or business owners really don't care. They want something to work while spending the least amount of money possible. Sometimes this will mean skirting the law and pirating software, other times it will mean turning a blind eye to someone pirating software as long as the job gets done.

+1 This. A thousand time this!!! Oh my word I want to marry this comment and have it's babies!!!

From a business perspective, I cannot agree more with what [MENTION=6600]PsychoFish[/MENTION] has said here. There are literally 1000's of tools businesses can use to combat and prevent cyberattacks, as well as combat piracy or less than legitimate software licenses floating around a business. And it all comes down to policies and procedures. Policies that business needs to adopt if they expect to do business in a connected world such as the one we live in.

And I would love to go on a tangent and have my own rant here, but I'll keep it as short as I possibly can.

Here is the problem: Business can't speak IT, and IT can't speak business.

Here is my reasoning: As IT managers or CIO's or any person in a senior business role in charge of a companies IT department, the onus lies with him to ensure the business understands the profit implications of derelict or lackadaisical IT policies and systems. His primary job is to translate these IT issues into business speak, making the business decision makers well aware of the implications of all their connection policies, or lack thereof. Also, the business owners needs to learn that IT is NOT just a support function anymore. The old thinking that it is the people or the products that makes the company money, and IT is only there to support is an archaic view of business in the 21st century. Businesses needs to understand that their IT infrastructure is on the same level of importance of their employees, and all businesses are more than happy of spending the bulk of their budget on labour costs. The mentality needs to change. With this change, businesses would be much more willing to spend more money on proper IT infrastructure and get their businesses geared to live on the internet. It is imperative!

Conversely, IT people need to understand this disparity in language between business and IT, and IT people need to learn to talk in better terms with business owners. Most corporate leaders understand a certain language filled with terminology and concepts that does not gel well with normal "IT speak". I've seen plenty of IT people present amazing solutions, only to get shot down by businesses because they could not translate it to tangible business terms the normal CEO can understand. It's a matter of conveying the purpose of the system, not the actual system itself. You cannot impress a business by giving it a laundry list of all the new features and how much more effective a business can run. The cost doesn't warrant the need at all. But, create the need through the purpose of the system, and get buy-in through that, and most CEO's would invest in the system no problem.

It's a battle long going I've seen and one that I've been actively been part of on both sides. The answer is not a simple one, but one businesses needs to work towards if they ever hope of getting their IT structures in lined with best practices.
 
Back
Top