Outdated operating systems triple the risk of a data breach
The recent WannaCry attack has highlighted the dangers of running out of date and un-patched systems.
New research by security ratings company BitSight has released a new report showing that organizations with more than 50 percent of their computers running outdated versions of an operating system are more than three times as likely to experience a breach. In addition those with more than 50 percent of their computers not running the latest version of an internet browser are more than twice as likely to experience a publicly disclosed breach.
The public sector is especially vulnerable, with more than 25 percent of computers used in the government sector running outdated macOS or Windows operating systems, with nearly 80 percent of these outdated systems comprised of macOS.
"The WannaCry attack brought to light the threat posed by outdated systems on corporate networks. Our researchers found that thousands of companies across every industry are using endpoints with outdated operating systems and browsers. Research and analysis of organizational endpoint configuration and vulnerabilities suggests that unless companies begin to take a proactive approach to updating their systems, we may see larger attacks in the future," says Stephen Boyer, co-founder and CTO of BitSight. "Endpoint information, made available in the BitSight Security Ratings portal, can serve as a key metric for executives, board members, insurers, and security and risk teams to understand and mitigate the risks of their insureds or their vendors."
The analysis of more than 35,000 computers in companies around the world shows that in March of this year, two months before the WannaCry ransomware attack, nearly 20 percent of computers running Windows were using Windows Vista or XP, both of which did not have a patch available and are no longer officially supported by Microsoft.
A month after each macOS Sierra point release is announced, more than 35 percent of companies fail to upgrade to the latest version, potentially exposing the systems to vulnerabilities during that time.
More information on the findings is available in the full report on the BitSight website.