Outdated Software

Common Security Mistakes

2017

Some things, like wine, cheese, and your parents’ words of wisdom, get better with age. But software certainly doesn’t. Outdated computer operating systems and web browsers can expose organizations’ private data and put them at serious financial risk.

Updating your software isn’t just about getting new features; it’s predominantly about keeping your system safe and working correctly. By the time you receive a software patch, it’s almost certain that somebody’s already found a way to exploit the thing it’s patching. Over the last year, BitSight conducted a survey of more than 35,000 companies across different industries and countries to gain insight into the use of outdated operating systems and web browsers, the latency between update releases and user updates of their systems, and how these practices correlated to data breaches. Help Net Security shared some of the survey’s key findings:

  • Over 2,000 organizations run more than 50% of their computers on outdated versions of an operating system, making them almost three times as likely to experience a publicly disclosed breach.

  • Over 8,500 organizations have more than 50% of their computers running an out-of-date version of a web browser, doubling their chances of experiencing a publicly disclosed breach.

  • More than 25% of the computers used in the Government sector were running outdated macOS or Windows operating systems, with nearly 80% of these outdated systems running macOS.

  • In March of this year, two months before the WannaCry ransomware attack, nearly 20% of the Windows computers examined in this report were running Windows Vista or XP, neither of which had a patch available and both of which are no longer officially supported by Microsoft.

  • A month after each macOS Sierra point release is announced, more than 35% of companies fail to upgrade to the latest version, potentially exposing the systems to vulnerabilities during that time.

As Lewis Carroll put it so well in Alice in Wonderland, “it takes all the running you can do, to keep in the same place.” Software maintenance is a constant race against threats. Organizations must run as fast as they can just to keep up with those threats. And keeping their software up to date must become a priority if they want to stay in the race at all.

Given the necessity of constant updates, it is counterproductive and even shocking to see software providers put up barriers to this indispensable maintenance. Many security services leverage software updates as ongoing fees. This creates a burden on those who do prioritize security, and incentivizes others to let it slip.

How can we help? To better serve users, BitFlip’s Labs has created a model where updates download automatically with no additional fees to the user. Your software is always as up to date as possible with no room for human error and no burden on you to make sure it’s been done.

Lauren Huxtable
Communications Director