Outdated software on BYOD devices puts business data at risk

When people used office workstations managed by the IT department it was relatively easy to manage security because there was a defined perimeter.

In the modern era of mobile devices and BYOD though security becomes much harder. Authentication specialist Duo Security has released a new report on the security health of user devices, based on data gathered from more than two million devices used by businesses worldwide.

Among its findings are that a quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer. Around two percent of Windows devices are running versions of the OS which no longer receive security updates, and half of all Windows XP devices are running either IE 8 or 7. This may expose unpatched Windows users to more than 700 known vulnerabilities.

Google's Chrome browser is the most up-to-date, with 82 percent of Chrome users on the latest version, compared to 58 percent of Edge and IE 11 users, and 66 percent of Firefox users. This is largely down to the way Google rolls out updates and new versions automatically to Chrome, without requiring approval from the user.

Flash and Java are major targets, used by attackers in exploit kits to gain access to machines. While critical Flash and Java vulnerabilities often prompt emergency vendor patches, users still run outdated software on the devices used to log into their company applications and this can put entire organizations at risk. The report shows 60 percent of Flash users are running an out-of-date version, while 72 percent have an outdated version of Java -- exposing them to hundreds of vulnerabilities.

Mac users are much more likely to be up to date than Windows users when it comes to their operating systems. This may be because Apple updates have historically been more stable than Windows updates, and also as new OS X versions are free and heavily promoted. Major Windows updates have developed a reputation for causing major problems in the past.

"Today obviously users can work from anywhere and more and more work on their personal devices," says Mike Hanley, director of Duo Security. "Approximately one in five access attempts for data comes from a mobile device for business use. This has a huge impact on security for organizations, because when you’re talking about BYOD most IT departments don't have visibility into the devices that are being targeted".

More details of the report's findings are available on the Duo blog and there's a summary in infographic form below.

Photo Credit: lucadp/Shutterstock