MORE than half (54%) of organisations n Southeast Asia (SEA) are still using outdated software, disregarding the importance of minimising risks of exploitation.
According to a Kaspersky report, 38% of small and medium businesses (SMBs) along with 48% of enterprises from SEA are working with unpatched operation systems.
Additionally, 33% of SMBs and 43% of enterprises from the region are using out-of-date software.
“Although it may seem costly, but it is an investment that can save you money in the long-run. In fact, our research showed that enterprises using obsolete or unpatched systems will pay US$437,000 more in case of a data breach, a 126% increase compared with the projected cost of US$354,000 for those companies without such outdated technologies,” said Kaspersky general manager for Southeast Asia Yeo Siang Tiong.
Aside from the additional cost in case of a data breach, almost half (49%) of both SMBs and enterprises from the region also admitted to experiencing cyberattacks because of unpatched vulnerabilities in the software applications and devices they use. This is 9% more than the global average of 40%.
Some of the reasons why organisations are sticking to the older versions include:
- Some line employees refuse to work with new software and devices, so we made an exception for them (57%)
- We have in-house apps that cannot run on new devices or operating systems (52%)
- They belong to C-level staff and we exclude them from our update plan (45%)
- We don’t have enough resources to update everything at once (17%)
In order to save money and minimise the risk of data breaches as a result of software vulnerabilities, Kaspersky suggests the following measures:
- Ensure the organisation is using the latest version of its chosen operating systems and applications, with auto-update features enabled so that the software is always up to date.
- If it is not possible to update software then organizations are advised to address this attack vector through smart separation of vulnerable nodes from the rest of the network, along with other measures.
- Enable the vulnerability assessment and patch management feature in an endpoint protection solution. This can automatically eliminate vulnerabilities in infrastructure software, proactively patch them and download essential software updates.
- It is important to boost security awareness and practical cybersecurity skills for IT managers, as they are at the frontline of IT infrastructure updates.
- For critical IT or operational technology systems, it is important to always be protected regardless of any available software updates. This means they should only enable activity that is predetermined by the purpose of the systems. – March 27, 2021