94% of SMBs think it is important to keep software updated. However, this fails to carry over into practical results: Only 59% of businesses report that their software is always up to date. And only 63% say they have enough resources to keep software updated.
Keeping software up-to-date is a critical piece of the overall business security picture. Outdated software contains security flaws which cybercriminals can use as avenues to infiltrate the corporate network. 70 to 80 percent of the top ten malware detected by F-Secure Labs could have been prevented with up-to-date software.
Software updates take time
Companies report spending on average 11 hours a week on software updates. The bigger the company, the more time is spent. Companies with less than 50 employees spend on average three hours per week, while companies with more than 250 employees spend over 15 hours.
Often, even the time companies do spend on updates touches only the tip of the iceberg, says Pekka Usva, Vice President, Corporate Security at F-Secure. “A common misconception is that the problem is the OS – it’s not. Operating systems are fairly well maintained and updated. The real problems are third party applications for both business and personal use – Skype, Adobe Reader, browsers with various plugins, and Java, to name a few. Do you know what’s been installed on your device?”
Meanwhile, the number of cyber attacks via vulnerabilities in outdated software continues to grow. And the time to create new variants of threats is counted in seconds, not days or weeks.
Employees use their own software
Employees are bringing their own devices, and almost half of all surveyed companies tolerate employees using their own software too. Smaller companies are more accepting of this trend: 56% of companies with less than 50 employees allow it, versus 39% of companies with over 250. Higher rates of acceptance are reported in Finland (53%) and Sweden (59%), and lower in Poland (30%) and France (36%).
In 67% of companies, employees who use their own software must take care of software updates themselves – a risky policy, as people can’t be relied on to always update software. In companies with less than 50 seats, 81% of employees must take care of their own updates. 30% of companies take care of Microsoft updates only.