Is your software safe from cyber-attack?

Hackers are increasingly targeting software vulnerabilities as a way to get past the defences of organisations. How can you minimise the risk of cyber-attack in an age of heightened data privacy concerns?

Simon Bolton

Director – Software Asset Management and License Management

KPMG in the UK


Cyber-attacks are an increasing threat and they come in a variety of forms. Malware and phishing expeditions are well known as hackers’ favoured tools, but hackers are also often using vulnerable software to launch attacks. Not only are incidents on the rise, but new rules such as Europe’s General Data Protection Regulation (GDPR) have raised the stakes by increasing the reputational and financial costs of a cyber-attack. Software asset management (SAM) is frequently overlooked, yet it is essential in addressing these kinds of risks.

So what are organisations doing to reduce these potential software vulnerabilities? In many cases, not enough. Many organisations simply don’t know what software their employees are using or which applications and systems they have access to. Keeping tabs on security threats is made more difficult by the millions of new lines of data being generated every day. And it doesn’t stop at the doors of the organisation. You are also reliant on third-party suppliers and business partners maintaining secure controls and procedures.

Don’t assume these issues are covered by broader security programmes within the organisation. In many cases they aren’t.

Quite apart from the cyber threat to the organisation, there remains a clear commercial motivation to tighten up software management: because of their lack of focus on software licensing arrangements, most businesses have either bought licenses they don’t need or failed to buy software they do need. Software sellers who find companies without the correct licenses typically charge premium prices to correct the situation.

Is your company at risk? Ask yourself:

Do you know which users are using which applications?

  • Do you have clear, well-controlled processes for staff leavers and joiners, so that everyone has access only to the software and data they need/are authorised to use?
  • How confident are you that your company has the required licenses in place and is not paying for unnecessary licenses?

How secure is your software?

  • Are you concerned your company could be vulnerable to software hacking?
  • Are security settings correctly set on all your software?
  • Do staff only have access to the most up-to-date/most secure version of software?

Making a difference by leveraging technology solutions

There is a broad range of technology solutions that can be leveraged to meet the challenges around SAM and license management, but companies can run into danger by thinking that buying technology will solve all their problems, when it is only part of the solution.

Our approach is to work with clients to understand their needs and then work closely with established technology solution providers, like Flexera, to help ensure clients maximise the benefits from these technology investments. And, by providing comprehensive insights into the risks associated with different software assets, we can help you to minimise your risks to data privacy from software hacking.

Getting ready for the future

Taking a strategic approach to investing in SAM, encompassing processes, people and leveraging technology to drive efficiency and effectiveness, will pay dividends in the long term. After all, if you don’t know who has access to what software, and therefore you don’t know who has access to what data, you and your customers could be at risk.

© 2020 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.

KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
