Firms ‘failing to install security updates’
Dubai, April 28, 2013
Although there are dedicated technologies which can automatically download and install security updates, these are rarely used – even by companies that have implemented client system management tools, a report said.
Only 35 per cent of all companies automatically install updates, according to a recent study by market research specialists B2B International. Meanwhile, cybercriminals often use unpatched vulnerabilities in outdated software to penetrate a company’s IT infrastructure.
Cybercriminals use a popular tool – exploits – to achieve these goals. Exploits are malicious objects that use vulnerabilities in operating systems and applications to infect computers.
These exploits are often used to launch attacks on companies since even corporate security solutions often struggle to detect and destroy them. A good way to forestall threats is to eliminate vulnerabilities as fast as possible by installing software patches. However, it can be difficult for many companies to install updates promptly on a large number of workstations, the study noted.
B2B International surveyed over 5,000 high-ranking IT managers working for different companies all over the world on behalf of Kaspersky Lab, a top IT security company.
Among other questions, the study asked about the use of any technology to automatically install updates on corporate workstations. The findings were surprising: even among companies with client management systems in place, only 35 per cent used this technology.
Updates are generally designed to enhance software performance and stability. From a security standpoint, they are even more important – updates can eliminate vulnerabilities which might allow cybercriminals to infect corporate workstations.
Here, the speed with which updates are installed is just as important as installing the update in the first place: the sooner the IT department updates vulnerable software on all corporate workstations, the less likely it is that cybercriminals can launch a successful attack exploiting a vulnerability.
Incidentally, cybercriminals tend to choose the most widespread programs as an attack medium, the study said.
According to Kaspersky Lab data, Java is the most popular with cybercriminals: 50 per cent of all exploits in 2012 targeted this platform. Adobe Acrobat Reader is the second most popular, with a share of 28 per cent. These are standard pieces of software installed on huge numbers of corporate workstations – and that means it’s not just a few machines, but most of the computers on any given network that are at risk.
To ensure that updates are downloaded and installed with absolute timeliness and regularity, one option would be to invest heavily in IT man-hours, manually installing every upgrade on every machine.
This, of course, is both costly and potentially unreliable, the study said.
Neglecting the problem entirely, on the other hand, is likely to weaken corporate security and could potentially lead to serious losses for the business. Implementing a dedicated automation tool is a far more practical solution, according to the study. – TradeArabia News Service
More IT & Telecommunications Stories
- Cyber threats focus of Bahrain security talks
- Bahrain tech expo to honour innovators
- Scope ME named distributor for InfoWatch
- Nawras quadruples 3G+ mobile services
- Menatelecom expands bill paying network
- Du joins new global cable consortium
- Kuwait moves to create telecoms watchdog
- Batelco backs Royal Fund for Martyrs
- Egypt's Global Telecom posts $749m Q4 loss
- Red Hat launches open source BPM suite
- Batelco announces new board
- Batelco offers improved broadband
- You don't own phone numbers, warns TRA
- Tech giants back top Qatar ICT event
- Du to provide wifi access in public areas
- Zain finalises $800m, five-year loan facility
- Ooredoo Q4 net profit falls 36pc to $140m
- Mobily, Etisalat team up for LTE roaming
- Batelco approves $84m dividends for 2013
- Etisalat Q4 profit rises 70pc to $394m
- Kenya telecom firm to join Etisalat SmartHub
- Aruba appoints new sales director
- Du enters $1.17 billion financing deals
- VIVA extends 4G LTE offer
- Batelco to update students with latest technologies
- Etisalat SmartHub seals IPX agreement
- Etisalat picks Alcatel for LTE network expansion
- Boeing, QCRI host machine learning forum
- Mobily provides 4G LTE international roaming
- Viva Kuwait, Huawei to set up innovation centre