Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Thousands of Firms Fail to Update Software on Most Computers: Study

An analysis of 35,000 companies from more than 20 industries across the world showed that many of them are at risk of suffering a data breach due to their failure to ensure that the software running on their computers is up to date.

An analysis of 35,000 companies from more than 20 industries across the world showed that many of them are at risk of suffering a data breach due to their failure to ensure that the software running on their computers is up to date.

The study conducted by cybersecurity ratings company BitSight focused on Apple and Microsoft operating systems, and the Firefox, Chrome, Safari and Internet Explorer web browsers.

The research showed that more than 50 percent of computers in over 2,000 organizations run an outdated version of the operating system, and over 8,500 companies have failed to update Web browsers on more than half of their machines.

Looking at each of the analyzed industries, BitSight found that the education and government sectors had the highest usage rate of outdated operating systems and browsers. Nearly 40 percent of computers used in the education sector and more than 25 percent of devices in the government sector had been running outdated operating systems, particularly outdated versions of Mac OS.

The fact that public sector organizations have done a poor job at protecting their systems is not surprising, and even U.S. President Donald Trump called for government agencies to take measures in his recent cybersecurity executive order.

At the other end of the chart we have the legal and energy sectors, which had the fewest devices running outdated software.

“Given that the Energy sector provides critical infrastructure services, organizations in this sector should maintain their proactive approach to security,” BitSight said in its report. “Despite its top performance, researchers found that more than 120 companies in this sector were running out-of-date or unsupported operating systems and more than 400 companies were observed to have greater than 33 percent of Internet browsers out-of-date. This represents a gap in security and presents an opportunity for hackers to exploit weaknesses in this critical sector.”

Outdated OSs and browsers in each sector

As for how long it takes organizations to apply patches, BitSight determined that it takes most companies, on average, more than a month to update to the latest version of macOS Sierra. Researchers found that in late March, over two months after version 10.12.3 was released, roughly 40 percent of firms had still been using an older version.

Advertisement. Scroll to continue reading.

In the case of Windows, more than 60 percent of analyzed PCs were running Windows 7 or earlier, including XP and Vista, which no longer receive updates from Microsoft.

Related Reading: DHS Used Outdated, Unpatched Systems

Related Reading: Overwhelming Majority of Android Devices Don’t Have Latest Security Patches

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...