Two recent reports found that more than half of all devices were running out-of-date, and therefore insecure, software.
eSecurity Planet reported on a study by Duo Security that looked at 2 million internet-connected devices belonging to its customers. The study found out-of-date components, including old operating systems, browsers and plug-ins, on half of the devices that accessed corporate applications, exposing not just the user but the entire enterprise to risk. Duo Security, a cloud-based secure access provider, collected the data from its own customer base.
The Duo research found that 80 percent of the devices scanned were using Flash, while 32 percent of employees were running older unpatched versions of Microsoft’s Internet Explorer. In addition, 22 percent of the scanned devices were running outdated versions of Java.
According to Hewlett Packard Enterprise’s Cyber Risk Report for 2016, hackers are increasingly targeting vulnerabilities in applications at least a year old, rather than servers or operating systems. The report said 75 percent of all mobile apps scanned by HPE had at least one vulnerability considered severe.
Duo’s report said organizations lack proper visibility into the patch levels of software running on endpoint devices.
“There is a lot of noise in the market about threat intelligence and zero day attacks, among other crazy stuff,” Devata said. “Our view is that if you do some basic things well, you can reduce the risk significantly.”