Companies can no longer do without digital technology in their daily activities. However, the applications and software they use, and even those they develop themselves, may contain security holes that are easy for malicious actors to exploit in one way or another. According to CESIN's 2022 Corporate Cybersecurity Barometer, 54% of French companies experienced at least one cyberattack in 2021.
When a company falls victim to a cyberattack, its financial health can be compromised very quickly. Even leaving aside the cost of paying a ransom, a simple interruption of activity or damage to computer hardware can alone cost it dearly. Many studies converge on an average cost of a cyberattack on the 500 largest companies in the world between 2021 and 2021 of approximately $4.35 million (around 4.27 million euros).
In the digital sector, companies also face risks that come on top of the "classic" cyber threats to the proper functioning of their activities, such as software fraud or data theft. Here again, the financial and legal consequences can be just as catastrophic as those of a ransom demand or a DDoS attack.
So they are all now concerned with the same question: how do we anticipate these risks and deal with cyberattacks?
When it comes to anticipating and managing IT risks, in addition to solutions dedicated to protecting workstations and information systems (ITDR, IT, etc.), the security of software and data must also be considered, combining technical and legal protection measures. Cybersecurity also raises real legal issues, which are often overlooked.
Cyber Threats: What are your business risks?
Today, 90% of software developed by companies incorporates open source components. To develop its own executable program, there is no point in reinventing everything when source code that works perfectly is available on the Internet.
In France, the term "free software" is often used. This is confusing because, in fact, these programs are not free of rights. Free software is available to developers and may be used, studied, modified, copied and distributed worldwide, sometimes without payment. But in every case these open source components are bound by licenses. In other words, open source software is protected by copyright.
Before using open source components, check that a license exists and take its terms of use into account. The license may, for example, prohibit the marketing and distribution of software that includes the free source code, or require that all code developed from the open source components be given back to the community free of charge.
In terms of cybersecurity, incorporating open source into its code can benefit a company, but not without risk. It is useful because the source code is open and lists of vulnerabilities are readily available, so vulnerabilities can be detected more quickly and potentially patched by the developer community. But this assumes that the company using these open source components updates them regularly.
Whether or not it uses free software, a company must protect its application system to reduce the risk of cyberattacks. One priority is the continuous identification and inventory of the source code used or developed in its application system. This makes it possible to patch vulnerabilities more effectively and to anticipate risks of theft or intrusion. Other techniques, such as obfuscation, can be used to protect software by spreading false or misleading information in order to hide relevant information from potential attackers.
For today's company, securing the software and data it uses is essential. The General Data Protection Regulation (GDPR) imposes very strict standards on companies for securing personal data in order to protect European users. The CNIL penalises leaks of personal data following a cyberattack, and fines for non-compliance can reach €20 million or up to 4% of a company's global annual turnover.
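The two checks the preceding paragraphs call for, an inventory of the open source components a product embeds and a comparison of each pinned version against known advisories and approved licenses, can be expressed as a small script. The following is an added example, not code from the article or from Quarkslab; the component names, versions, licenses, advisory identifiers and the approved-license list are constructed sample data, and a real inventory would be generated from lock files and build outputs rather than typed by hand.

```python
"""Added example: a minimal open source component inventory with
licence and vulnerability checks. Not code from the article; every
component, version, licence and advisory below is constructed."""
from typing import Dict, List, Tuple

# Constructed inventory: what the application actually embeds.
INVENTORY = [
    {"name": "libparse", "version": "1.4.2", "license": "MIT"},
    {"name": "fastcrypto", "version": "0.9.0", "license": "GPL-3.0"},
    {"name": "netclient", "version": "2.1.0", "license": "Apache-2.0"},
]

# Constructed advisory feed: (component, first fixed version, advisory id).
# Advisory ids are placeholders, not real identifiers.
ADVISORIES = [
    ("libparse", "1.4.5", "EXAMPLE-ADV-001"),
    ("netclient", "2.0.3", "EXAMPLE-ADV-002"),
]

# Licences a hypothetical legal team has cleared for commercial distribution;
# anything else (copyleft licences in particular) is routed to legal review.
APPROVED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically.

    A plain string comparison would rank '1.10.0' below '1.9.9'."""
    return tuple(int(part) for part in version.split("."))


def outdated_components(inventory, advisories) -> List[Dict[str, str]]:
    """Return components pinned below the first fixed version of an advisory."""
    findings = []
    for component in inventory:
        for name, fixed, advisory_id in advisories:
            if component["name"] != name:
                continue
            if parse_version(component["version"]) < parse_version(fixed):
                findings.append({
                    "name": name,
                    "installed": component["version"],
                    "fixed": fixed,
                    "advisory": advisory_id,
                })
    return findings


def license_review_needed(inventory, approved=APPROVED_LICENSES) -> List[str]:
    """Return the names of components whose licence is not pre-approved."""
    return [c["name"] for c in inventory if c["license"] not in approved]


if __name__ == "__main__":
    for finding in outdated_components(INVENTORY, ADVISORIES):
        print(f"UPDATE {finding['name']} {finding['installed']} -> "
              f"{finding['fixed']} ({finding['advisory']})")
    for name in license_review_needed(INVENTORY):
        print(f"LEGAL REVIEW {name}")
```

Run as a script it reports that `libparse` needs updating (its advisory's fixed version is newer than the pinned one) while `netclient` is already past its fix, and flags `fastcrypto` for license review because a copyleft license may constrain the distribution terms discussed above. Running this on every build is what keeps the "updates them regularly" assumption true in practice.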
Risks of forgery and theft of source code
All software is exposed to counterfeiting and intellectual property theft. In France, a program is protected by copyright without any formal procedure, under Article L. 112-1 and Article L. 112-2 13° of the Intellectual Property Code. This legal protection is de facto automatic and arises as soon as the work has been created by its author. It applies in the 181 countries that are signatories to the Berne Convention (WIPO). But to take action against infringement, the company must be able to prove its ownership and the authenticity of the software.
It is therefore advisable for rights holders to make a so-called probative deposit of the software from the early stages of development, in order to have more readily accessible evidence of their rights in case of confirmed infringement. Such a deposit materialises the program's content and its successive versions, establishes the date of creation and the authorship at the time of creation, and so on.
Although not mandatory, depositing the software is recommended to anticipate the risks associated with intellectual property theft.
In conclusion, using software carries many legal and cyber risks that need to be anticipated. Various legal and technical means exist for companies to protect their software-based activities and ensure their sustainability. A cyberattack or an infringement lawsuit results in significant costs that SMEs and startups cannot afford.
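A deposit is only useful if it can later be matched, file by file, against the code a company claims was copied. The following added example (not code from the article or from any deposit service) builds a deterministic fingerprint of a source tree: a manifest of per-file SHA-256 digests plus a single root hash over the manifest, which is the value a company would record alongside each deposit and later use to show that a given version is exactly the one deposited. The directory layout and file contents in `demo()` are constructed for the demonstration.

```python
"""Added example: deterministic fingerprint of a source tree to accompany
a software deposit. Not code from the article; the files created in demo()
are constructed sample content."""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def file_digest(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each file's POSIX-style relative path to its digest.

    Paths are normalised and sorted so the same tree always yields the same
    manifest regardless of operating system or directory walk order."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): file_digest(p) for p in files}


def manifest_root_hash(manifest: Dict[str, str]) -> str:
    """Hash the canonical JSON form of the manifest: one value to record with the deposit."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify_tree(root: Path, expected_root_hash: str) -> bool:
    """True only if the tree on disk is byte-for-byte the deposited version."""
    return manifest_root_hash(build_manifest(root)) == expected_root_hash


def demo() -> Tuple[List[str], bool, bool]:
    """Fingerprint a constructed tree, then show that any edit breaks verification."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "main.py").write_text("print('hello')\n")
        (root / "README.md").write_text("demo\n")

        manifest = build_manifest(root)
        root_hash = manifest_root_hash(manifest)
        verified_before = verify_tree(root, root_hash)

        # One changed byte anywhere changes the root hash.
        (root / "src" / "main.py").write_text("print('changed')\n")
        verified_after = verify_tree(root, root_hash)
        return sorted(manifest), verified_before, verified_after


if __name__ == "__main__":
    files, before, after = demo()
    print("files:", files)
    print("verified before edit:", before, "after edit:", after)
```

The root hash proves what was deposited, not when: the date of creation comes from the deposit itself, which is why the manifest is recorded with the deposit rather than in place of it. Keeping the per-file manifest, and not only the root hash, is what later lets a rights holder point to the specific files that match.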
Tribune Posted by Fred Raynal, CEO/Founder of Quarkslab