Over Half of Firms Run Outdated Flash
A majority of enterprises around the world are exposing themselves to unnecessary risk by failing to stay up-to-date with the latest software and systems, according to new data from Duo Security.
The security vendor analyzed 4.6 million endpoints across multiple geographies and endpoints.
It found 13% were running unsupported versions of Internet Explorer, while the number running out-of-date Flash software increased from 42% in 2016 to 53% in 2017.
Some 21% of endpoints are running version 126.96.36.199 of Flash, which had 11 listed critical vulnerabilities published in February 2017, the report claimed.
On the plus side, the number of Windows 10 installations more than doubled, from 15% last year to 31%, although that still leaves the majority of enterprises using older versions of the OS.
Some 40% of EMEA endpoints were on Windows 10, versus 31% in North America and 37% in the UK.
However, in healthcare, the percentage of endpoints running XP actually increased from 2% to 3%, which doesn’t bode well considering the elevated risk of ransomware infections and HIPAA compliance requirements.
When it came to the mobile device sphere, Duo found that nearly three-quarters (73%) of iPhones are running the latest OS.
However, only 27% of Android owners could say the same – a fact which can partially be explained by the more complex ecosystem in which individual handset makers are responsible for issuing updates.
The report explained:
“Monthly patches for Android devices do protect against known vulnerabilities, but each new major OS version also adds security features to proactively protect users. Both are important pieces that help complete the security puzzle.”
As the recent WannaCry ransomware outbreak highlighted, prompt patching is still one of the best ways organizations can reduce cybersecurity risk.
Yet many organizations running mission critical environments can’t afford the downtime necessary to patch quickly, especially without prior testing. Embedded systems in particular can cause complications which mean many IT managers persist with out-of-date systems.
Source: Information Security Magazine