While vulnerabilities are inevitable in any software, regular patching and updates can minimize the risk of exploitation. That’s why users are always advised to install the latest software versions as soon as they are available, even if these updates can sometimes be a difficult or time-consuming task for organizations. However, a fresh study from Kaspersky revealed that more than half (54%) of organizations in Southeast Asia (SEA) have work to do regarding this crucial task.
The recent Kaspersky report, ‘How businesses can minimize the cost of a data breach’, showed that 38% of SMBs (small and medium businesses) and a whopping 48% of enterprises from SEA are still working with unpatched operating systems. In addition, 33% of SMBs and 43% of enterprises from the region are still guilty of using out-of-date software.
“It may seem costly for companies to renew their software or opt for their legal versions, especially at this time of an unprecedented crisis. It is, however, an investment which can save you money in the long run. In fact, our research showed that enterprises using obsolete or unpatched systems will pay $437k more in case of a data breach, a 126% increase compared with the projected cost of $354k for those companies without such outdated technologies,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
SMBs in SEA can also save 9% of the attack costs if they use updated and legal software, with $94k being the toll of a single data breach against a small-to-medium-sized organization with obsolete operating systems.
Aside from the additional cost in case of a data breach, almost half (49%) of both SMBs and enterprises from the region also admitted to experiencing cyberattacks because of unpatched vulnerabilities in the software applications and devices they use. This is nine percent more than the global average of 40%.
The top reasons why organizations in SEA remain guilty of using such tools are:
- Some line employees refuse to work with new software and devices, so we made an exception for them (57%)
- We have in-house apps that cannot run on new devices or operating systems (52%)
- They belong to C-level staff and we exclude them from our update plan (45%)
- We don’t have enough resources to update everything at once (17%)
In order to save money and minimize the risk of data breaches as a result of software vulnerabilities, Kaspersky suggests the following measures:
- Ensure the organization is using the latest version of its chosen operating systems and applications, with auto-update features enabled so that the software is always up to date.
- If it is not possible to update software, organizations are advised to address this attack vector through smart separation of vulnerable nodes from the rest of the network, along with other measures.
- Enable the vulnerability assessment and patch management feature in an endpoint protection solution. This can automatically eliminate vulnerabilities in infrastructure software, proactively patch them and download essential software updates.
- It is important to boost security awareness and practical cybersecurity skills for IT managers, as they are at the frontline of IT infrastructure updates. A dedicated Security for IT Online training course can help.
- For critical IT or operational technology systems, it is important to always be protected regardless of any available software updates. This means they should only enable activity that is predetermined by the purpose of the systems. KasperskyOS supports this concept of cyber-immunity and can be used to build IT systems that are secure by design.
Kaspersky’s report, “How businesses can minimize the cost of a data breach”, is the second part of the IT Security Economics 2020 series and is available here.