System and application updates always seem to pop up at less than timely moments, and most of us postpone them without second thoughts, for days, weeks, months… However, these updates represent an essential piece of systems’ stability and safety, as they include functionality enhancements and patches to security holes.
By delaying them, users weaken their mobile devices’ resistance to attacks. Lately, a report conducted by Forbes Insights on behalf of BMC found that known vulnerabilities are the leading cause of data breaches, accounting for 44% of all such incidents.
Risks and consequences of running outdated OS and applications
On a regular basis, security holes are discovered in the code of operating systems and mobile applications. Once detected, companies quickly develop patches that they push to users through updates and simultaneously publish documents disclosing the vulnerabilities that existed in the former version.
Once made public, cybercriminals can exploit outdated device and application vulnerabilities for their own illicit gain. When exploited, a vulnerability can provide hackers with extended rights, such as consulting and exfiltrating data or communications.
The exploitation of an unpatched vulnerability can lead to system takeover and major data breaches in which confidential details (social security number, credentials, banking details…) are stolen in order to commit identity theft and fraud. Moreover, once perpetrated, these attacks generate bad press that damage organizations’ reputation, making it complicated for them to gain clients and users trust back.
Examples of cyberattacks that updates would have prevented
In 2017, the UK National Health Service was running outdated operating systems, making its whole framework and the data it handles highly vulnerable to hackers. This negligence has led to a breach that hit more than 200,000 victims, paralyzing the entire organization.
Later the same year, Equifax announced a data breach that exposed the sensitive personal information of 143 million US citizens. The data exfiltration was caused by the exploit of a known vulnerability within the application, that was identified months before the attack and for which a security patch had been published. The failure to update the software has allowed the attack to be carried on.
Even though it may be tempting to postpone them, OS and application updates should be installed as soon as they are available. Running up-to-date devices and apps is an important step toward data protection and is critical to mitigate the risk of data breach.
Pradeo Security Mobile Threat Defense provides organizations with tools to monitor the up-to-dateness of their fleet and applications used by their collaborators. The OS and application versions are clearly identified so that security measures can be implemented accordingly, thus preventing related threats.