Browser patch lag can put home workers at risk
Remote working continues to present a security problem for businesses and an issue that is often overlooked is the delay in patching browsers.
New research from Menlo Security looks at the importance of this issue for both desktop and remote users, focusing particularly on Google Chrome.
"In 2020 we saw a resurgence of ransomware attacks, increase credential phishing campaigns and new and novel attacks targeting cloud assets and resources," says Menlo Security's director of security research, Vinay Pidathala, writing on the company's blog. "Browsers have become even more powerful and are increasingly being used to access new applications and cloud resources, which also increases their importance in cybersecurity."
Chrome has the biggest share of the market so naturally it's a target for hackers, but Menlo’s research finds significant numbers of users still running old versions of the browser. For example, while Chrome 87 was released on November 17, it took at least a month for customers to start updating their browsers. It wasn't until December that Chrome 87 saw adoption rates of close to 84 percent.
The finance and banking, government, construction, and oil and gas sectors are most likely to apply patches early and be consistent in they patching cycles. This is also true of certain geographies, notably North America and Singapore.
Interestingly take up of Chrome 88 -- released in January of this year -- has been faster, possibly due to the recent SolarWinds breach raising awareness of the importance of updates.
You can read more on the Menlo blog.