The risks of not keeping up with software updates

Posted by Johnny Kromer on 05 Dec 2019 2:30:00 PM

Software updates are a simple security task that can often be overlooked. Not updating your software exposes your business and its operations to vulnerabilities that could cost money in the long run.

Updating software is a critical function of an IT administrator. Keeping software up to date reduces the risks of malfunctions, hacking, business loss, and business closure. Software updates usually come with security patches. In essence, the software company would have realised that their system has vulnerabilities and want to close them. Once the updates are released it is prudent to update immediately. A key reason for this is that hackers study the security patches from the latest updates to find out the weak points of old versions and immediately build code to specifically attack those versions (this is a common tactic particularly with Windows software). After that, your software can be compromised by simply viewing a rogue website, opening a compromised message, or playing infected media. Once they have cracked your software, hackers will have access to contact information, banking accounts, employee records, and more.

Software updates also come with productivity benefits. They can install new features which increase its performance, for example improved speed and system stability.

77% South African CIOs recognised that the biggest shortcoming in cyber-security preparedness was outdated software. If software is not updated, it can result in the following risks:

1. Ransomware risk

There is a lot of valuable information stored on devices and these are prime targets for hackers. By exploiting a software vulnerability, hackers can access your sensitive data and simply encrypt them. This will make your software impossible to use unless you pay the hacker a ransom, and there’s no guarantee that you will get back access to your data even if you pay the ransom.

According to Mimecast's 2019 Report, 42% of South African organisations experienced a ransomware attack in the past 12 months, compared to 23% in the prior 12 months.

2. Business disruption risk

Devices and machines are now digital and run on software. This has made them more efficient, accurate, and effective at what they do. Should a virus attack the device and render it unusable, then the business will lose money. Think of the medical equipment in a hospital not working or factory robots having a bug, any down time means lost production and revenue.

South African Banking Risk Information Centre (SABRIC) released statistics showing that in 2018, 23 466 incidents across banking apps, online banking, and mobile banking amounted to R262 826 888 in gross losses.

3. Compromised third party risk

Keeping your software updated is great, but your security concerns should not end there. You should also think about the risk that third parties bring to your business. If your business has outsourced a function to a vendor, who then has to access your systems to operate it, then the vendor's security becomes a part of your security. If the vendor's security is lax and they do not update, then viruses and hackers can access your system through theirs. According to Comparitech, 13.4% of the desktops in SA are infected with malware.

The principle also works the other way round. A lax approach to security can expose your clients to your compromised devices. Having robust security protocols becomes essential to your service delivery, so that customers do not suffer attacks on your account.

4. Outdated mobile device risk

Mobile devices are ubiquitous and versatile instruments, the fact that they are always on our person makes them very handy for doing work. This has become more pertinent with the rise of remote work. Although there are huge advantages to this, it does create another access point for attacks. The operating software and browser of the mobile device can be a vulnerable point if they are not kept up to date. Comparitech estimates that nearly 10% of mobile devices in South Africa have malware.

5. Risk from internet of things (IoT)

IoT devices are varied and numerous, it can be hard to keep track of all of their software updates but it’s necessary. Since it’s a new technology, users usually do not have the routine or habit of checking for their updates. The weakness is also compounded by the sheer number of these devices.


Click here to take our tech audit and we will help you find out if your current technologies are up to date.


End of life risk

Due to the nature of the IT industry, workstations, servers, and phones eventually start to operate slowly, stop receiving operating system updates, and/or fall out of warranty. This requires IT departments to proactively upgrade their infrastructure and software regularly, but sometimes this isn't done for various reasons. No matter the reason, it exposes the organisation to security threats. End-of-life software carry the following dangers:

  • Vulnerable security, as there will be no more security fixes (patches) being issued by the software provider.
  • Software will be incompatible with new applications since they are usually optimised for the most recent operating systems and software. This will leave you with legacy applications which are likely outdated and lack the productivity edge of newer applications. 
  • Compliance and regulation may become an issue if your organisation handles a lot of sensitive customer, business, industry, and national data. Old software may not be able to keep up with the compliance demands and could result in big fines, company shutdowns, or jail time.
  • Maintaining  post end-of-life software can be expensive. The skills necessary to run and manage the legacy systems can become scarce along with the parts for the hardware. For example, running Microsoft Server 2003 can be more expensive than upgrading. 
  • Old software and hardware usually have poor performance and reliability issues. They are more prone to breakdowns which can lead to long downtimes.

Windows users are notorious for not being able to move on once Microsoft ends a product cycle, for example a lot of users are still on Windows XP and Windows Server 2003. Whatever comfort they find in using something familiar or costs they save by not upgrading is dwarfed by the security risks they face. As technology advances, so do the hackers' tools and methods; so without Microsoft issuing updates and patches, legacy systems users are exposing their organisation to attackers. Users of outdated tech also lose out on productivity as software vendors stop making products compatible with old tech.

What you need to know about Windows updates

Because of all the constant risks from hackers, Microsoft is continually updating the Windows operating system and finding new ways to ensure security especially across ActiveX, Internet Explorer, .NET Framework, or the main platform. And here’s something you might not know - even if you don’t run any of this software, you’re system will still be at risk if you don’t update them. 

Why? Because they are installed on your system, which means, while it’s prudent to have anti-malware and anti-aircraft software, it might not be sufficient protection from the security hole of not updating your software.

Important updates to Windows

We know that you’re probably used to the operating system you currently have and that updating to a new version might seem like a change you’re not ready for. But for some of you, this change is going to be inevitable, because in 2020, Windows will end support for;

  • Windows 7, 
  • Windows 10 Mobile, 
  • Windows SQL Server 2008 and 
  • SQL Server 2008 R2.

Although Windows 7 support will be extended for customers willing to pay, the charges are structured such that it makes more economic sense to simply upgrade. And if you’re thinking, “oh well, I don’t really need the support” that’s up to you. But remember, if your unsupported system is attacked, there will be no way to get your data back.

Conclusion

Updating your software should be a security and productivity priority. The risks of not updating your software could cost your organisation a lot of money or result in it being closed down by regulators. There are no real long-term cost benefits of not closing security loopholes, or depriving the organisation of new feature installations. IT administrators must regularly update the software and systems that are part of their network. In the end, you’ll save time and money by simply updating and using a service provider who offers a robust user adoption solution.

Do you need assistance in making sure that your current software and technologies are up to date. Click on the link below to get in touch.

Contact Us

Topics: Adoption and Change Management

Subscribe Here!

New call-to-action

Recent Posts

Cloud technology audit