The recent WannaCry attack has highlighted the security risk involved in the use of out-of-date and unsupported operating systems and software. In its recent research, BitSight, a security ratings company, has confirmed that the use of out-of-date computer systems and software correlates with data breaches.
According to the research, of the 35,000 companies analyzed, from different industries worldwide, over 2,000 ran more than 50% of their computers on outdated operating systems. This makes them three times more likely to experience a data breach. Furthermore, another 8,500 of these organizations also ran outdated Internet browsers on more than 50% of their computers. This doubles their likelihood of data breaches.
This study focused on organizations using Apple OS and Microsoft Windows operating systems, in addition to the Firefox, Internet Explorer, Safari, and Google Chrome Internet browsers. It concludes that organizations that fail to update their operating systems triple their likelihood of suffering a data breach. Likewise, those with outdated Internet browsers are twice as likely.
According to the study, some organizations usually take no less than a month to install new macOS updates. Apple usually uses these updates to pre-empt known vulnerabilities. These delays in updating therefore leave the organizations exposed to possible breaches.
Similarly, most Windows users run outdated Windows software. The BitSight report indicated that in March, just two months before the WannaCry attack, nearly 50% of the computers in the report used Windows 7. Another 20% of Windows users in the study used Windows Vista or Windows XP.
The WannaCry ransomware attack, which hit hospitals in the UK, mainly targeted Windows users. According to Kaspersky Lab, over 95% of the victims were Windows 7 machines. At the very beginning of the WannaCry attack, there was major concern over Windows XP users, but apart from crashing XP machines, the code didn’t run.
Looking at industry sectors, more than 25% of government computers were reported to have outdated Windows or Mac OS platforms; of these, a large 80% are Macs.
When it came to the use of outdated operating systems and Internet browsers, the financial sector was not any better. Similar to the healthcare and retail sectors, 15% of the computers in the financial sector ran outdated OSes and browsers. These findings surprised the researchers, who established that, despite the fact that healthcare and retail companies have a record of being more vulnerable to cyber-attacks, the financial sector may at some point suffer similar ransomware attacks due to its failure to update its systems.
The researchers recorded their concern over the use of outdated Internet browsers, given how easy it is to install browser updates. Some browsers, such as Google Chrome and Mozilla’s Firefox, run automatic updates by default. Others, like Microsoft Edge and Apple’s Safari, are usually updated along with their corresponding operating systems. Thus, organizations that use Edge or Safari and don’t update their operating systems are most likely also running old versions of these browsers.
In relation to this, the WannaCry ransomware attack in May, which shook the world to the core, would have had less impact if organizations had kept their software up to date. This is because the Windows vulnerability that the ransomware targeted had been patched by Microsoft back in March. In response to the widespread attack, Microsoft released a patch for Windows XP, Windows 8, and other legacy versions of the Windows OS to counter the attack.
Indispensable software that is not compatible with modern versions of operating systems is one of the legitimate reasons why some organizations use out-of-date Mac and Windows operating systems. These organizations are forced to decide between looking for alternative solutions and retaining the outdated versions of Windows and macOS. The latter is a hard decision to make, as it leaves their systems vulnerable to breaches.
In addition, outdated operating systems can result in problematic outdated browsers. Most companies bundle browser updates with new operating system releases. Moreover, you may be required to use a modern version of the OS in order to access the updated version of the browser.
Failing to update operating systems and browsers can be very dangerous. In addition to bringing new and exciting features, updates are often released to protect users from vulnerabilities and exposure to data breaches. It is therefore important to install these updates on your operating systems and browsers to enhance security and to increase efficiency and productivity.
To emphasize the need to update software, browsers, and operating systems, here are five possible risks that running machines on outdated or unsupported software, browsers, and operating systems poses to organizations:
The WannaCry ransomware cryptoworm attack in May, which affected more than 160,000 computers worldwide, is a good example. Findings indicate that the majority of WannaCry victims were Windows 7 users. It is therefore very important to update your systems to protect against ransomware attacks and to protect your data.
2. Business Disruptions
Most networked devices have the potential to be affected by data breaches. If the device is vital to day-to-day business operations, a breach can result in major disruptions that may have a negative impact on your business. For instance, in the health sector, a computer that contains patients’ medical records and runs an old OS version could be hit by a ransomware attack, leading to data loss.
3. Third Party Risk
In addition to ensuring that the systems within your organization are up to date, you should also be careful about your third parties. Make sure that any third party with access to critical information on your network uses a modern browser version, to protect yourself from data risk.
4. Outdated Mobile Device Risk
In any business setting, most if not all employees will have mobile devices which, at some point, will be connected to your network. Thus, the security of your corporate network is at risk of being compromised by a mobile device using an outdated browser or operating system. It is, therefore, necessary to come up with a strategy that will help you monitor your employees to make sure that they are not accessing critical data on your network using outdated devices.
5. Internet of Things Risk
Outdated software and systems running on Internet of Things (IoT) devices can compromise the security of the network. It is, therefore, necessary to monitor the version of their operating systems. In August 2017, a new U.S. Senate bill was introduced as one of the legislative steps to address IoT security concerns.
Updates are critical and should not be ignored if you want to protect yourself, or your business, from attacks that exploit outdated software. It is important to perform a network audit to verify that all the software (as well as browsers and operating systems) used by your organization is up to date. A third-party consultant would be a good fit for this. Get a reliable technology service provider to perform a network audit so as to come up with an unbiased analysis and a possible solution for eliminating weaknesses in your network. This will help to minimise data risk resulting from cyberattacks like the WannaCry ransomware.