- Security TWENTY
- Women in Security
Keep something long enough and, in time, it will become vintage. But while vintage works for fashion, furniture and cars, when it comes to business software, old is a security risk. An F-Secure survey suggests that many businesses are risking company assets by using outdated software.
Ninety-four per cent of small and medium size businesses (SMBs) think it is important to keep software updated. However, this fails to carry over into practical results: Only 59 per cent of businesses report that their software is always up to date. And only 63 per cent say they have enough resources to keep software updated.
Keeping software up-to-date is a critical piece of the overall business security picture. Outdated software contains security flaws which cyber-criminals can use as avenues to infiltrate the corporate network. Seventy to 80 percent of the top ten malware detected by F-Secure Labs could have been prevented with up-to-date software, the IT security firm says.
Software updates take time
Companies report spending on average 11 hours a week on software updates. The bigger the company, the more time is spent. Companies with less than 50 employees spend on average three hours per week, while companies with more than 250 employees spend over 15 hours.
Often, even the time companies do spend on updates touches only the tip of the iceberg, says Pekka Usva, vice president, Corporate Security at F-Secure. “A common misconception is that the problem is the OS – it’s not. Operating systems are fairly well maintained and updated. The real problems are third party applications for both business and personal use – Skype, Adobe Reader, browsers with various plugins and Java, to name a few. Do you know what’s been installed on your device?”
Meanwhile, the number of cyber attacks via vulnerabilities in outdated software continues to grow. And the time to create new variants of threats is counted in seconds, not days or weeks.
Employees are bringing their own devices, and almost half of all surveyed companies tolerate employees using their own software too. Smaller companies are more accepting of this trend: 56 per cent of companies with less than 50 employees allow it, versus 39 per cent of companies with over 250. In the UK, 43 per cent of companies accept employees installing their own software.
In two-thirds (67 per cent) of companies, employees who use their own software must take care of software updates themselves – a risky policy, as people can’t be relied on to always update software. In companies with less than 50 seats, four out of five (81pc) employees must take care of their own updates. Thirty per cent of companies take care of Microsoft updates only.
The only way to keep up with all the software updates on a company’s computers and devices is to automate the process, says Usva. “Software makers release updates weekly, or at least monthly. Trying to keep up with all of these manually is a battle that’s already lost.”