The Legacy Risk: How Outdated Systems Expose Your Data
Some things get better with age, like wine and cheese. Computer operating systems and internet browsers do not. In fact, outdated systems can expose an organisation’s data, putting it at higher risk. BitSight conducted a survey of more than 35,000 companies from industries across the world to understand the “usage of outdated computer operating systems and internet browsers, the time it took to update operating systems once a new release was made available, and how these practices correlate to data breaches,” stated Help Net Security in early June.
Over a period of 8 months, researchers from BitSight observed over 1.5 billion network actions, focusing on Apple and Microsoft operating systems, and Internet browsers including Firefox, Safari, Chrome, and Internet Explorer. Help Net Security shared the survey’s key findings:
- Over 2,000 organizations run more than 50 percent of their computers on outdated versions of an operating system, making them almost three times as likely to experience a publicly disclosed breach.
- Over 8,500 organizations have more than 50 percent of their computers running an out-of-date version of an Internet browser, doubling their chances of experiencing a publicly disclosed breach.
- More than 25 percent of the computers used in the Government sector were running outdated macOS or Windows operating systems, with nearly 80 percent of these outdated systems comprised of macOS.
- In March of this year, two months before the WannaCry ransomware attack, nearly 20 percent of computers examined in this report that were running Windows were using Windows Vista or XP, both of which did not have a patch available and are no longer officially supported by Microsoft.
- A month after each macOS Sierra point release is announced, more than 35 percent of companies fail to upgrade to the latest version, potentially exposing the systems to vulnerabilities during that time.
These key findings show that organisations and businesses either deem updates an unnecessary expense or choose to keep using what they have, reasoning that if it is fit for purpose, why change it only because it is old?
Unfortunately, just because a system works like it used to doesn’t mean users should continue to use it: outdated software no longer offers security protection against cyber attacks, leaving security holes open and data exposed to cyber threats.