Out of date systems still present a major enterprise risk

Businesses increasingly face threats from within, but traditional security models are based around protecting a network from outside attacks.

A new report by trusted access specialist Duo Security looks at the new threat landscape where companies need to be able to verify the identity of users and the integrity of devices. It finds that while things are looking up, failure to keep systems up to date is still presenting a major risk for many organizations.

Among the findings is that 31 percent of endpoints are now running the latest Windows 10, compared to last year’s 15 percent. Enterprises are slowly migrating to the most up-to-date and secure version two years after its release.

However, 13 percent of endpoints are browsing dangerously on an unsupported version of the Internet Explorer browser that is no longer receiving security updates. The percentage of endpoints running an out-of-date version of Flash has increased too, from 42 percent in 2016 to 53 percent in 2017, meaning more than half of enterprise endpoints are not protected against the latest known vulnerabilities.

There's a similar picture with mobile, with only 27 percent of Android phones running the latest major version 7 (Nougat). The picture with iPhones is better, with 73 percent running iOS 10 or above.

"The theme that emerged as we did the analysis was about patching, whether people are patching and how quickly. This is especially timely given the WannaCry attack that targeted out of date systems," says Kyle Lady, senior R&D manager at Duo. "Over the past year we've seen improvement in Windows 10 adoption, but it’s not great given the OS is two years old."

Among other findings highlighted is the continued success of phishing. Duo’s analysis of 3,575 simulated phishing campaigns conducted in the past 12 months from Duo Insight, with more than 80,000 recipients, found that 62 percent of campaigns captured at least one credential and 68 percent had at least one out-of-date device.

Of those receiving the emails, 44 percent of recipients opened the message and 25 percent of recipients clicked the link, while 13 percent entered their username and password). The results also showed 13 percent of recipients use out-of-date browsers and 17 percent running out-of-date operating systems.

You can find out more in the full 2017 Trusted Access Report on the Duo website.

Photo Credit: Pixelbliss/Shutterstock