As we have seen recently in Australia with large scale identity theft from hackers, cyber security is becoming ever more challenging for any PC user. It applies at all levels, from people using their devices for entertainment, working from home, or the desktops in the office.
The importance of this increases for businesses of all scales, but resource-strapped SMEs are the low-hanging fruit for attackers. As they’re not able to afford a large, dedicated IT security team, they need to rely on a combination of their channel partners, as well as the security built into the software solutions that they deploy.
Unfortunately for them, this means that unlicensed software isn’t just a challenge or headache. It’s a potentially business-ending risk they are exposed to.
Statistics show that four in ten Australian SMEs have fallen victim to cyber attacks since the COVID-19 pandemic began in 2020. This costs them a critical loss in reputation, clients, and employees, as well as the monetary costs to repair systems or pay ransomware actors (of which there was no guarantee that they would retrieve their data).
In the US, around 60 per cent of small businesses go out of business after a successful cyber-attack. Whilst there isn’t any data on what percentage of Australian SMEs might experience the same fate, it’s easy to see how the costs and damage caused by an attack can be a business-ending event.
The cost of unlicensed PCs
For channel organisations that operate in the SME space, one of the challenges is in explaining the value of properly licensed PCs and equipment. However, by understanding the motivations of SMEs, those partners can add real value to their customers by talking them out of the risky shell PC approach.
SMEs typically purchase shell PCs as a way of deploying a fleet of hardware at a minimal upfront cost. However, Microsoft data shows that the global cost of malware on shell PCs is $US4 billion annually. Incorrectly licensed PCs are far more vulnerable to:
- Programs for password and credential theft
- Programs that record keyboard use
- Programs that allow criminals to take control of your computer
- Unwanted advertising programs
Furthermore, genuine copies of Microsoft software have security systems and ongoing security updates from Microsoft that are not available through illegitimate copies of the software.
This lack of understanding on the true risks involved with shell PCs is supported by government research. In 2019, the Australian Cyber Security Centre (ACSC) conducted research on SMEs that found that “Australian SMBs know cyber security is important regardless of how they rate their understanding of cyber security. However, they face significant barriers when attempting to implement good cyber security practices. These barriers include a lack of dedicated staff with an IT security focus, the complex field of cyber security, challenges in understanding and implementing security measures, underestimating the risk and consequences of a cyber incident, and a gap in planning for, and responding to, cyber incidents.”
In short, SMEs know they need help, and aren’t necessarily aware of where the security threats are coming from. In many cases, they are purchasing shell PCs completely unaware of what this potentially exposes them to.
The role of the channel in supporting SME security
SMEs are not going to be able to improve their IT security position by themselves. Australia faces a severe skills shortage, and the limited number of IT security professionals available are too expensive for SMEs to bring onboard.
Instead, those SMEs are relying on their partners to help them adopt a best practices approach to security. In addition to being open to the risk management value of purchasing genuine licenses, Microsoft also believes that channel partners will benefit from framing genuine licenses as a long-term cost saving.
According to research by IDC, where a genuine license will cost around $100 per PC, non-genuine OS’s cost companies around $650 over the lifespan of a PC. Given that “lower costs” is the main reason cited for SMEs to invest in shell PCs with non-genuine OS’s, the channel partner simply needs to better educate the customer on acquiring genuine OS devices for them to immediately bolster their security environment.
“The prevalence of shell PCs in the market and in the installed base of organisations drives home the fact that for some percentage of companies, the perceived benefit around acquiring shell PCs and installing non-authentic versions of Windows Pro is worth the risk,” the IDC report noted. “But that perception is not reality.” Microsoft has, in the past, invoked legal proceedings that have resulted in significant penalties for resellers of non-genuine software on shell PCs, both in the A/NZ region and globally. This security concern is only going to become more pronounced among SMEs, especially as the news fills with even more horror stories of wide-scale data theft from major corporations. Furthermore, that same IDC data shows that “better security” ranks as the best reason to invest in genuine OS’s. The channel has a big opportunity here, to help explain the risks and costs of non-genuine software, help to audit the SME’s environment, and then provision licensed – and more secure – computers for their customers.
For more information on the benefits of genuine licensing of Microsoft OS’s, click here.