Growing numbers of British workers are putting businesses at risk of malware infection by using the same devices to access corporate networks and illegal pirate content, according to a new survey from security firm RiskIQ.
The survey found that a shocking six in ten (59%) Brits who use personal devices for work also use the same device for streaming or downloading pirated content.
A recent report by the Digital Citizens Alliance revealed that one in three piracy websites contain malware.
That malware is a huge business for piracy sites: Google's Transparency Report shows There are some 4,865 sites that have reached 1,000 or more copyright infringing URL removal requests in the past year. Projecting the earnings from the 229 sites in the sample group to this broader universe suggests that these content theft sites may be generating roughly $70m in revenue per year.
> See also: Revealed: the criminal ecosystem behind a DDoS attack
From the piracy sites studied by RiskIQ, 33% had at least one malware incident within the four week period studied, whilst 20 of the piracy sites exposed three in four (75%) visitors to malware.
80% of employees say they consider the security risks to their personal devices, such as a malware infection, but four in ten (40%) do not consider the security implications for their organisation when accessing this content.
'At RiskIQ we undertook a study of piracy sites for the Digital Citizens Alliance which revealed that individuals who stream or download pirated content online are 28 times more likely to get malware than those who use legitimate services to obtain content,' said Ben Harknett, VP EMEA, RiskIQ.
'For corporate security this is a 28 times higher risk of malware making its way into the corporate network from employees own devices.'
Of the malware found, 45% was 'drive by' downloads: where the visitor to the site doesn’t need to click on anything after arriving on the page, infecting users silently and often going completely undetected. The remaining 55% of malware lured users with prompts to download flash or anti-virus updates.
It’s predominantly cost and accessibility which is driving Brits to risk these malware riddled sites and access pirated content. The most popular reasons given for downloading or streaming pirate content are because it’s free (23%), it’s available before paid (13%), the belief that all content should be free (12%) and that the content people are trying to access is not available any other way in the region (10%).
> See also: Hackers have been winning the cyber battle for far too long
'Research conducted by IFPI and its national groups, has shown that cyber criminals have used content, such as music, as a way to compel users to download malicious applications,' said Graeme Grant, head of Internet Anti-Piracy Operations at IFPI.
'Once installed, many users unwittingly grant the malicious application excessive permissions thereby allowing an attacker to gain access to information on the device which could compromise the security of both the user and the corporation. Our own findings have been corroborated by the study that RiskIQ has carried out, showing that there is a definitive need for businesses to prevent user access to pirated content and those applications that facilitate such access.'
With these motivators for accessing pirate content and the blurred line between work and personal devices unlikely to change any time soon, advised Harknett, organisations need to be educating their employees on the cyber risks of using pirate content sites and the potential consequences to the business.