Buy something, keep it long enough and, in time, it will become vintage: cool, unique and a throwback to days gone by. But while vintage works for fashion, furniture and cars, when it comes to business software, old is a blatant security risk. An F-Secure survey* shows that many businesses are risking company assets by using outdated software.
Ninety-four per cent of small and medium size businesses (SMBs) think it is important to keep software updated. However, this fails to carry over into practical results: Only 59 per cent of businesses report that their software is always up to date. And only 63 per cent say they have enough resources to keep software updated.
Keeping software up-to-date is a critical piece of the overall business security picture. Outdated software contains security flaws which cybercriminals can use as avenues to infiltrate the corporate network. Seventy to 80 percent of the top ten malware detected by F-Secure Labs could have been prevented with up-to-date software.
Software updates take time
Companies report spending on average 11 hours a week on software updates. The bigger the company, the more time is spent. Companies with less than 50 employees spend on average three hours per week, while companies with more than 250 employees spend over 15 hours.
Often, even the time companies do spend on updates touches only the tip of the iceberg, says Pekka Usva, vice president, Corporate Security at F-Secure. "A common misconception is that the problem is the OS – it's not. Operating systems are fairly well maintained and updated. The real problems are third party applications for both business and personal use – Skype, Adobe Reader, browsers with various plugins and Java, to name a few. Do you know what's been installed on your device?"
Meanwhile, the number of cyber attacks via vulnerabilities in outdated software continues to grow. And the time to create new variants of threats is counted in seconds, not days or weeks.
Employees use their own software
Employees are bringing their own devices, and almost half of all surveyed companies tolerate employees using their own software too. Smaller companies are more accepting of this trend: 56 per cent of companies with less than 50 employees allow it, versus 39 per cent of companies with over 250. In the UK, 43 per cent of companies accept employees installing their own software.
In two-thirds (67%) of companies, employees who use their own software must take care of software updates themselves – a risky policy, as people can't be relied on to always update software. In companies with less than 50 seats, four out of five (81%) employees must take care of their own updates. Thirty per cent of companies take care of Microsoft updates only.
Software Updater: the modern way of keeping software current
The only way to keep up with all the software updates on a company's computers and devices is to automate the process, says Usva. "Software makers release updates weekly, or at least monthly. Trying to keep up with all of these manually is a battle that's already lost. That's why every SMB needs automation with our Software Updater – it takes care of all security updates across the board, freeing up time and resources and keeping your business defences strong."
*F-Secure's Digital Company Survey 2013 consisted of web interviews of deciders and influencers of software purchases working at companies with up to 500 employees. Participants were from eight countries: Germany, Italy, France, the UK, Sweden, Finland, Poland and the USA. There were 805 respondents in total, with at least 100 per country. Respondents were 67% male and 33% female. The survey was completed by GfK in November 2013.