Businesses With Outdated Software More Vulnerable to Attacks

Share Article

Businesses With Outdated Software More Vulnerable to Attacks

A new report analyzed over 35,000 companies from industries around the world, and found that a surprising number of companies continue to run outdated and unsupported operating systems and web browsers. The report, entitled "A Growing Risk Ignored: Critical Updates," revealed that over 2,000 businesses run more than half of their computers on outdated versions of operating systems, and more than 8,500 companies have more than half of their computers running outdated versions of web browsers. This triples and doubles, respectively, the likelihood of data breaches.(1)

The study found that over 25 percent of computers used in government offices were running outdated versions of macOS or Windows; nearly 80 percent of these outdated systems were macOS. Furthermore, more than a third of companies don't bother to do the monthly macOS updates.(2)

As cyber criminals continue to exploit outdated systems to carry out massive attacks, it's become important for companies to assess not only the number of outdated endpoints on their networks, but also the networks of their trusted third parties who have access to sensitive data.

Timothy Crosby, senior security consultant with Spohn Security Solutions, suggests that all users periodically update their cyber security programs and systems, and ensure that they have the latest browsers on their computers and smartphones. Spohn's broad client base includes companies of all sizes. Crosby says, "It's vital that companies—especially small businesses—keep their systems up-to-date to prevent widespread attack. Hackers are always going to try to exploit any deficits in older systems. Not updating when recommended by your software is like leaving your computer's front door open so that burglars can walk right in."

Using outdated software is an invitation to hackers. "Cyber attacks can occur at any time. The latest WannaCry ransomware hit(3) highlighted this very serious security problem, and if companies don't insist that their employees keep all systems updated, more cyber attacks are likely," said Crosby.

A similar study by Duo Security examined the activity of 4.6 million endpoints across multiple industries and locations, along with over 3,500 simulated phishing campaigns, looking for the latest possible data on overall security health. The study found that 13 percent of endpoints use an outdated version of Internet Explorer, and three-quarters of state and local government offices are using macOS versions which are over two years old. And it doesn't stop at our desktops—Duo also found that only 27% of Android phones are running the latest major OS version, compared to 73% of iPhones operating on iOS 10 or above. This difference is likely due to the fact that many Android devices are dependent on both manufacturers and carriers to roll out updates, which can slow down the timing of patches.(4)

Spohn Consulting, Inc., an Austin, Texas-based privately held company established in 1998 by Darren L. Spohn, is an authority in navigating Fortune 500 companies and medium to small businesses through the security business challenges of the 21st Century. Spohn Consulting works with organizations to assess their information security posture (the security status of an enterprise's networks, information and systems based on identification and authorization resources—the people, hardware, software, policies and capabilities in place to manage the defense of the enterprise and to react as the situation changes), offers customized instructor-led training, and sells telecom services. Utilizing varied scopes of engagement, it delivers recommendations which can be measured against best practice or compliance standards.


1.    Sue Marquette Poremba. "Out of Date Operating Systems Increase Breach Risks."  IT Business Edge. 9 June, 2017. IT Business Edge.

2.    BitSight Insights Report "A Growing Risk Ignored: Critical Updates: Exploring the Prevalence of Outdated Systems and Their Link to Data Breaches." BitSight Technologies. 2017

3.    Technologies, BitSight. "BitSight Insights: A Growing Risk Ignored: Critical Updates." BitSight,

4.    Duo Security. "New Study from Duo Finds Millions of Devices Running Out-of-Date Systems, Despite Latest High Profile Breaches." Market Wired. 5 June 2017.

Media Contact: Karla Jo Helms, JoTo PR, 888-202-4614,

News distributed by PR Newswire iReach:


SOURCE Spohn Consulting

Share article on social media or email:

View article via:

Pdf Print