Whilst the research, conducted by OnePulse for RiskIQ, found that 80% of individuals in the UK who access pirated content on these devices do consider the personal security risks of doing so, such as a malware infection, 4 in 10 (40%) do not consider the security implications for their organisation when accessing this content.
Pirate sites are an easy way of distributing malware so it should be a major concern for corporate security teams that so many individuals dont consider the security implications of accessing pirated content, commented Ben Harknett, VP EMEA at RiskIQ. At RiskIQ we undertook a study of piracy sites for the Digital Citizens Alliance which revealed that individuals who stream or download pirated content online are 28 times more likely to get malware than those who use legitimate services to obtain content. For corporate security this is a 28 times higher risk of malware making its way into the corporate network from employees own devices.
From the piracy sites studied by RiskIQ, 33% had at least one malware incident within the 4 week period studied, whilst 20 of the piracy sites exposed 3 in 4 (75%) visitors to malware.
Of the malware found 45% was drive by downloads, where the visitor to the site doesnt need to click on anything after arriving on the page, infecting users silently and often going completely undetected. The remaining 55% of malware lured users with prompts to download flash or anti-virus updates.
Its predominantly cost and accessibility which is driving Brits to risk these malware riddled sites and access pirated content. The most popular reasons given for downloading or streaming pirate content are because its free (23%), its available before paid (13%), the belief that all content should be free (12%) and that the content people are trying to access is not available any other way in the region (10%).
Graeme Grant, Head of Internet Anti-Piracy Operations at IFPI said, “Research conducted by IFPI and its national groups, has shown that cyber criminals have used content, such as music, as a way to compel users to download malicious applications. Once installed, many users unwittingly grant the malicious application excessive permissions thereby allowing an attacker to gain access to information on the device which could compromise the security of both the user and the corporation. Our own findings have been corroborated by the study that RiskIQ has carried out, showing that there is a definitive need for businesses to prevent user access to pirated content and those applications that facilitate such access.”
Harknett continued: With these motivators for accessing pirate content and the blurred line between work and personal devices unlikely to change any time soon, organisations need to be educating their employees on the cyber risks of using pirate content sites and the potential consequences to the organisation.