Outdated software is now a bigger threat than weak passwords, bring-your-own-device (BYOD) and unsecured USB sticks, according to a new study.
Data shows that 27% of enterprises take, on average, at least a month to install vital security patches. Among businesses with over 100,000 computer terminals, the figure is 45%. At the same time, 13% of large businesses have given up on actively managing software distribution and are asking employees to update their own systems.
The survey, conducted by enterprise content delivery company Kollective, draws on responses from 260 IT managers, leaders and decision makers. The results indicate that many US businesses are gravely failing to meet industry expectations on network security.
37% of IT managers say “failure to install updates” is the biggest security threat of 2018, placing outdated software at the top of the threat pyramid, above password vulnerabilities (33%), BYOA / BYOD (22%) and unsecured USB sticks (9%).
The researchers found that failure to install updates stems from a combination of slow testing procedures and an inability to distribute updates automatically at scale – i.e. lack of infrastructure.
“With a growing number of applications being left out of date, today’s businesses are creating their own backdoors for hackers, botnets and malware to attack,” according to Dan Vetras, CEO of Kollective.
Other findings include:
- 66% of organizations can’t automate the distribution of their software updates
- 81% of IT teams can’t deploy software updates when they first arrive
- 52% of those in large enterprises must wait at least 7 days before installing vital security patches
- 25% of companies delay updates due to network scaling issues
- 21% of IT managers say they don’t have the budget to overhaul the organization’s IT infrastructure
- 46% of IT teams have no plan to manage updates served as part of Microsoft’s upcoming “Windows as a Service” model