Cybersecurity firm F-Secure says exploits that target unpatched software are one prominent online threat that businesses are failing to address.
Cybersecurity firm F-Secure says over 70 percent of businesses continue to leave themselves open to attacks by failing to update their software. The finding is surprising given the availability of security solutions that can help businesses control and manage software updating within their companies.
A recent alert from the United States Computer Emergency Readiness Team warns that up to 85 percent of targeted attacks are preventable by following simple security precautions, most notably keeping software updated with the latest security patches.*
However, many businesses continue to neglect the importance and value of updating their software. A recent F-Secure survey** found that only 27 percent of companies have a patch management solution. The problem was particularly evident in France, where only 15 percent of respondents said their companies had a tool to manage software updates. On the other hand, 46 percent of Nordic companies had a patch management solution, making them better prepared to protect their company assets against threats designed to capitalize on software vulnerabilities.
According to Timo Hirvonen, F-Secure Senior Researcher, the reluctance of businesses to commit to software updating shows how out of touch many companies are with the contemporary threat landscape. “Many people feel that updating software is just a hassle that can break applications or cause other problems, but it’s actually the other way around. Criminals count on people ignoring security patches, so they work pretty hard to develop exploits targeting the vulnerabilities exposed by those patches. Then they execute their attacks before people install the update, so what you have is a whole attack strategy relying on people using unpatched software.”
F-Secure Labs reported an 82 percent increase in exploits targeting a Flash-based vulnerability that was disclosed after the Hacking Team data breach last July***. Hirvonen said that it’s surges in activity like this that make exploits such prominent security concerns, and why timely and diligent software updating is so important.
Businesses looking to implement a robust security solution that includes patch management can use protection software such as F-Secure’s Business Suite. Business Suite’s latest release features an updated version of F-Secure’s award-winning Client Security that combines automated patch management with additional security tools to help companies manage and control the risks posed by exploits and other online threats.