5 Risks Of Outdated Software, Browsers & Operating Systems

Joel Alcon | August 14, 2017

If more than half of an organization's endpoints are outdated, its chances of experiencing a breach nearly triple.

These findings underscore the seriousness of the risk posed by outdated software, browsers, and operating systems. The fact is, failing to update your software doesn’t just mean you won’t have the latest version — it means you could expose your organization to major security vulnerabilities.

Here are five risks your organization may incur if its systems aren’t kept up to date.

5 Risks Of Outdated Or Unsupported Software, Browsers & Operating Systems

1. Ransomware

One of the major risks of outdated systems is a ransomware attack. After the WannaCry outbreak — which hit more than 160,000 computers around the world — BitSight researchers found that more than 67 percent of the computers affected by WannaCry were running Windows 7. You can read more about WannaCry’s global impact and the implications therein in this article.

2. Business Disruptions

Devices connected to your network could be more integral to your business than you think—which means that a virus on such a device could cause a major business disruption. The potential for this may be largely based on industry. For instance, if you’re in the healthcare sector, updating a particular device’s operating system could break the system. Consider this: if an MRI machine is running an outdated operating system and becomes infected with a worm, it could cause a major disruption that impacts your business.  

3. Third Party Risk

While it’s critical to look within your organization for outdated systems, it’s just as important to assess your third parties. For example, if one of your vendors manages critical data for your business and accesses your network using an outdated browser, that vendor could be inadvertently exposing your (or your customers’) data to risk.

This is where BitSight can help. Traditional questionnaires and other third-party assessments may give you an idea of how your vendors operate, but it’s difficult to verify the accuracy of this information. Security Ratings use externally observable data to determine if your vendors are using outdated endpoints, so you can be sure that your data remains safe and secure.

4. Outdated Mobile Device Risk

It’s inevitable: The more your business grows, the more employees you have—and the more mobile devices get connected to your network. If one of these mobile devices is running on an outdated operating system or using an outdated browser, the security of your corporate network is weakened. You must establish a continuous monitoring strategy to ensure that your employees are not using outdated mobile devices to access critical information on your network. Furthermore, you can use solutions like BitSight to gain insight into the mobile device versions used by third parties with access to your company’s critical data.

5. Internet Of Things Risk

As more IoT devices are created and connected online, monitoring the version of their operating systems will become increasingly important. In fact, in August 2017, a bipartisan group of senators introduced legislation addressing internet-embedded objects (known collectively as the Internet of Things, or IoT). According to Reuters, “The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.” Whether or not this bill passes, its very creation highlights the seriousness of the risk posed by outdated software and systems.

Download the Report: A Growing Risk Ignored: Critical Updates

As indicated in the five risks outlined above, the criticality of updates cannot and should not be ignored. Read the BitSight Insights report, A Growing Risk Ignored: Critical Updates, to learn about correlations between outdated software (as well as browsers and operating systems) and data breaches over the course of a year.


