Easy Fixes to Improve Cybersecurity and Avoid a Breach Ignored

When it comes to cybersecurity, you can never be 100 percent protected, but certain measures can be taken to mitigate the risk, including proper backups, training and updating software. You may think it’s a no-brainer, but thousands of organizations do not follow these simple guidelines.


One of the key ways to protect valuable systems and data is by simply having a proper backup procedure in place. Employee training is also an important part of cybersecurity. Employees are often considered the weak link. Surprisingly, however, new research shows that thousands of organizations run the majority of their computers on outdated operating systems. Failing to update computer software can double your chances of a data breach, according to cybersecurity company BitSight, which issued a new report titled “A Growing Risk Ignored: Critical Updates.”

The BitSight study analyzes more than 35,000 companies from industries across the globe over the last year to better understand the usage of outdated computer operating systems and internet browsers, the time it took to update operating systems once a new release was made available, and how these practices correlate to data breaches. The data shows that there are large gaps in asset management programs across the globe.

Organizations must be more vigilant about limiting their attack surface by more rapidly addressing exploitable vulnerabilities, BitSight warns based on its findings.

Specifically, the study conducted by BitSight showed that more than 50 percent of computers in over 2,000 organizations run an outdated version of the operating system, and over 8,500 companies have failed to update Web browsers on more than half of their machines. Many of these organizations are at risk of suffering a data breach due to their failure to ensure that the software running on their computers is up to date.

The research is focused on Apple and Microsoft operating systems, and the Firefox, Chrome, Safari and Internet Explorer web browsers. Researchers studied over 1.5 billion observations over a period of eight months.

According to BitSight, the conclusion of this research coincides with “WannaCry,” a strain of ransomware that affected over 300,000 computers worldwide. Despite the availability of a critical patch months prior to the attack, many companies neglected to download the Microsoft update.

“The WannaCry attack brought to light the threat posed by outdated systems on corporate networks. Our researchers found that thousands of companies across every industry are using endpoints with outdated operating systems and browsers. Research and analysis of organizational endpoint configuration and vulnerabilities suggests that unless companies begin to take a proactive approach to updating their systems, we may see larger attacks in the future,” said Stephen Boyer, co-founder and CTO of BitSight.

The BitSight report finds that the education and government sectors had the highest usage rate of outdated operating systems and browsers. Nearly 40 percent of computers used in the education sector and more than 25 percent of devices in the government sector had been running outdated operating systems, particularly outdated versions of Mac OS. The legal and energy sectors had the lowest rate, with around 10 percent running out-of-date or unsupported operating systems and out-of-date Internet browsers.

In other study findings, some 20 percent of computers examined in this report that were running Windows were using Windows Vista or XP, both of which are no longer officially supported by Microsoft.