This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Only 6 in 10 firms say their software is always up-to-date

Share this article:

A new report from F-Secure reveals that most companies lack the resources to update legacy applications, with this potentially being a serious security risk.

Slow start for cyber attack rescue service
Slow start for cyber attack rescue service

Drawing on data from its 2013 annual report, the security vendor says that, whilst 94 percent of SMBs (small- to mid-sized businesses) think it is important to keep software updated, only 59 percent of companies report that their software is always up-to-date. 

Perhaps more surprisingly, only 63 percent of businesses say they have enough resources to keep their software updated. 

The key question is why they lack these resources. The report hints at the answer when it says that SMBs are spending an average of 11 hours a week on software updates. On top of this, the larger the company, the more time that the firm spends on patches and updates. Interestingly, businesses with more than 250 employees are reported as spending more than 15 hours a week on updates. 

According to Pekka Usva, F-Secure's VP of corporate security, even the time companies do spend on updates only touches the tip of the iceberg. 

“A common misconception is that the problem is the operating system," he said, adding that operating systems are fairly well maintained and updated. 

"The real problems are third party applications for both business and personal use – Skype, Adobe Reader, browsers with various plug-ins and Java, to name a few," he explained. 

F-Secure says that 70 to 80 percent of the top ten malware detected by its F-Secure Labs research operation could have been prevented with up-to-date software. 

One of the most interesting take-outs from the research is that some SMBs are not only embracing BYOD (bring your own device), but are also allowing staff to use their own software on the company's computers. F-Secure claims that almost half of the 805 respondents to its survey tolerated staff using their own software. 

Researchers found that this was particular true of smaller companies, with 56 percent of firms of less than 50 employees allowing the use of personal applications, falling to 39 percent of firms with 250 or more employees. 

Delving into the research reveals that two-thirds (67 percent) of companies that allow staff to use their own software also expect the employee to update their applications themselves. This percentile rises to a hefty 81 percent among businesses of under 50 employees. 

The report also notes that just 30 percent of respondents worked at companies where the firm only took care of Microsoft software updates. 

Commenting on the research - which took in responses from companies of up to 500 employees in size across eight countries (covering the UK, Europe and the US) - Professor John Walker of Nottingham-Trent University's School of Science and Technology, said this is an issue that crops up in companies time and again. 

"It's all too common - and in some cases it's about the poor controls in place within organisations to get the latest updates out," he said, adding that, in other instances, it is often about the internal processes that require the use of testing for updates before installing them on a businesses' critical IT systems. 

"And then of course, there are the SMEs who don't always have the in-house support to get to all their systems updated in a timely manner," he said. 

"However, one fact that is always close to hand is the problem that, even as soon as an update is delivered, there is an argument to say that the update itself is out of date," he added. 

Walker, who is also director of CSIRT and cyber forensics with Integral Security Xssurance, went to say that this problem is most notable where anti-virus software is concerned, as it also tells us that yesterday's technology no longer delivers anything like the silver security bullet for which IT professionals are constantly searching. 

"If anything, with outdated software, the silver bullet tends to take on more of a tarnished bronze tinge," he explained.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Shellshock: Millions of servers under attack

Shellshock: Millions of servers under attack

In the wake of Shellshock, end-users and security managers race to patch web servers and desktops, but may be forgetting vulnerable embedded devices.

Londoners agree to give child away in return for free WiFi

Londoners agree to give child away in return ...

Hundreds trapped and exposed by fake 'poisoned' WiFi hotspot.

Cybercrime-as-a-service the new criminal business model

Cybercrime-as-a-service the new criminal business model

A new report from Europol's European Cybercrime Centre (EC3) reveals that cybercrime is being increasingly commercialised, and by criminals who use legitimate services to hide their activities.