
5 Risks Of Outdated Software, Browsers & Operating Systems

Joel Alcon | August 14, 2017

If more than half of an organization's endpoints are outdated, its chances of experiencing a breach nearly triple.

These findings underscore the seriousness of the risk posed by outdated software, browsers, and operating systems. The fact is, failing to update your software doesn’t just mean you won’t have the latest version — it means you could expose your organization to major security vulnerabilities.

Here are five risks your organization may incur if its systems aren’t kept up to date.

5 Risks Of Outdated Or Unsupported Software, Browsers & Operating Systems

1. Ransomware

One of the major risks of outdated systems is a ransomware attack. After the WannaCry outbreak — which hit more than 160,000 computers around the world — BitSight researchers found that more than 67 percent of the computers affected by WannaCry were running Windows 7. You can read more about WannaCry’s global impact and the implications therein in this article.

2. Business Disruptions

Devices connected to your network could be more integral to your business than you think—which means that a virus on such a device could cause a major business disruption. The potential for this may be largely based on industry. For instance, if you’re in the healthcare sector, updating a particular device’s operating system could break the system. Consider this: if an MRI machine is running an outdated operating system and becomes infected with a worm, it could cause a major disruption that impacts your business.  

3. Third Party Risk

While it’s critical to look within your organization for outdated systems, it’s just as important to assess your third parties. For example, if one of your vendors manages critical data for your business and accesses your network using an outdated browser, that vendor could be inadvertently exposing your (or your customers’) data to risk.

This is where BitSight can help. Traditional questionnaires and other third-party assessments may give you an idea of how your vendors operate, but it’s difficult to verify the accuracy of this information. Security Ratings use externally observable data to determine if your vendors are using outdated endpoints, so you can be sure that your data remains safe and secure.

4. Outdated Mobile Device Risk

It’s inevitable: The more your business grows, the more employees you have—and the more mobile devices get connected to your network. If one of these mobile devices is running on an outdated operating system or using an outdated browser, the security of your corporate network is weakened. You must establish a continuous monitoring strategy to ensure that your employees are not using outdated mobile devices to access critical information on your network. Furthermore, you can use solutions like BitSight to gain insight into the mobile device versions used by third parties with access to your company’s critical data.

5. Internet Of Things Risk

As more IoT devices are created and connected online, monitoring the version of their operating systems will become increasingly important. In fact, in August 2017, a bipartisan group of senators introduced legislation addressing internet-embedded objects (known collectively as the Internet of Things, or IoT). According to Reuters, “The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.” Whether or not this bill passes, its very creation highlights the importance of keeping software and systems up to date.


Download the Report: A Growing Risk Ignored: Critical Updates

As indicated in the five risks outlined above, the criticality of updates cannot and should not be ignored. Read the BitSight Insights report, A Growing Risk Ignored: Critical Updates, to learn about correlations between outdated software (as well as browsers and operating systems) and data breaches over the course of a year.


