If more than half of an organization's endpoints are outdated, its chances of experiencing a breach nearly triple.
These findings underscore the seriousness of the risk posed by outdated software, browsers, and operating systems. The fact is, failing to update your software doesn’t just mean you won’t have the latest version—it means you could expose your organization to major security vulnerabilities.
Here are five risks your organization may incur if its systems aren’t kept up to date.
5 Risks Of Outdated Or Unsupported Software, Browsers, & Operating Systems
One of the major risks of outdated systems is a ransomware attack. After the WannaCry outbreak—which hit more than 160,000 computers around the world—BitSight researchers found that more than 67 percent of the computers affected by WannaCry were running Windows 7. You can read more about WannaCry’s global impact and the implications therein in this article.
Devices connected to your network could be more integral to your business than you think, which means that a virus on such a device could cause a major business disruption. How likely this is may depend largely on your industry. For instance, if you’re in the healthcare sector, updating a particular device’s operating system could break the system. Consider this: if an MRI machine is running an outdated operating system and becomes infected with a worm, it could cause a major disruption that impacts your business.
3. Third Party Risk
While it’s critical to look within your organization for outdated systems, it’s just as important to assess your third parties. For example, if one of your vendors manages critical data for your business and accesses your network using an outdated browser, that vendor could be inadvertently exposing your (or your customers’) data to risk.
This is where BitSight can help. Traditional questionnaires and other third-party assessments may give you an idea of how your vendors operate, but it’s difficult to verify the accuracy of this information. Security Ratings use externally observable data to determine if your vendors are using outdated endpoints, so you can be sure that your data remains safe and secure.
4. Outdated Mobile Device Risk
It’s inevitable: The more your business grows, the more employees you have—and the more mobile devices get connected to your network. If one of these mobile devices is running on an outdated operating system or using an outdated browser, the security of your corporate network is weakened. You must establish a continuous monitoring strategy to ensure that your employees are not using outdated mobile devices to access critical information on your network. Furthermore, you can use solutions like BitSight to gain insight into the mobile device versions used by third parties with access to your company’s critical data.
5. Internet Of Things Risk
As more IoT devices are created and connected online, monitoring the version of their operating systems will become increasingly important. In fact, in August 2017, a bipartisan group of senators introduced legislation addressing internet-embedded objects (known collectively as the Internet of Things, or IoT). According to Reuters, “The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.” Whether or not this bill passes, its very creation highlights the seriousness of the risk posed by outdated software and systems.
Download A Growing Risk Ignored: Critical Updates
As indicated in the five risks outlined above, the criticality of updates cannot and should not be ignored. That’s why BitSight’s team of data researchers examined more than 35,000 companies from over 20 industries around the world to find correlations between outdated software (as well as browsers and operating systems) and data breaches over the last year. Download this BitSight Insight Report today to learn more and keep your organization protected.