BitSight, the Standard in Security Ratings, today released a new report titled “A Growing Risk Ignored: Critical Updates,” analyzing more than 35,000 companies from industries across the globe over the last year, to better understand the usage of outdated computer operating systems and internet browsers, the time it took to update operating systems once a new release was made available, and how these practices correlate to data breaches. The data shows that there are large gaps in asset management programs across the globe. Organizations must be more vigilant about limiting their attack surface by more rapidly addressing exploitable vulnerabilities.
The conclusion of this research coincides with “WannaCry,” a strain of ransomware that affected over 300,000 computers worldwide across banks, hospitals, telecommunications services, and train stations, while also disrupting the global supply chain network of many other critical services. Despite the availability of a critical patch months prior to the attack, many companies neglected to download the Microsoft update.
“The WannaCry attack brought to light the threat posed by outdated systems on corporate networks. Our researchers found that thousands of companies across every industry are using endpoints with outdated operating systems and browsers. Research and analysis of organizational endpoint configuration and vulnerabilities suggests that unless companies begin to take a proactive approach to updating their systems, we may see larger attacks in the future,” said Stephen Boyer, co-founder and CTO of BitSight. “Endpoint information can serve as a key metric for executives, board members, insurers, and security and risk teams to understand and mitigate the risks of their insureds or their vendors.”
Using evidence of security incidents from networks around the world, the BitSight Security Ratings Platform applies sophisticated algorithms to produce daily security ratings for organizations, ranging from 250 to 900, where higher ratings equate to lower risk. The foundation of this research is built on the company’s ability to accurately identify machine compromises, configuration and adoption of the latest patches, and user behavior across the Internet, and to attribute that information to companies. To look at the spread of operating systems and Internet browsers, researchers studied over 1.5 billion observations over a period of eight months, focusing on operating systems from Apple and Microsoft, along with Internet browsers including Firefox, Chrome, Safari, and Internet Explorer.
To download a full copy of the BitSight Insights report, including recommendations based on the findings, visit https://info.bitsighttech.com/bitsight-insights-a-growing-risk-ignored-critical-updates-pr.
About BitSight Technologies
BitSight is transforming how companies manage information security risk with objective, verifiable and actionable Security Ratings. Founded in 2011, the company built its Security Ratings Platform to continuously analyze vast amounts of external data on security issues and behaviors in order to help organizations manage third-party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Seven of the top 10 cyber insurers, 80 Fortune 500 companies, and 3 of the top 5 investment banks rely on BitSight to manage cyber risks. For more information, please visit www.bitsighttech.com, read our blog or follow @BitSight on Twitter.