More Than Half of SMB Devices Run Outdated Operating Systems

  /     /     /  
Publicated : 23/11/2024   Category : security


More Than Half of SMB Devices Run Outdated Operating Systems


66% of devices in small-to midsized businesses are based on expired or about-to-expire Microsoft OS versions, Alert Logic study found.



New research underscores security weaknesses in small-to midsized businesses including a dependence on antiquated Microsoft operating systems, encryption misconfigurations, poor patching regimes, and reliance on outdated Exchange 2000 email servers.
The findings, published this week by Alert Logic, demonstrate how resource-strapped SMBs increasingly are vulnerable in the face of todays cyber threats.
Some 66% of SMB devices surveyed run Microsoft OS versions that are expired or will expire in the next six months. The majority of devices scanned by Alert Logic for the study currently run Windows versions that are more than 10 years old. Microsoft will discontinue support for Windows 7 and Windows 2008 Server on January 14, 2020.
What we suggest is for [SMB] security pros to read the report, understand it, and then take the findings to their management so business executives can better understand why its important to make an investment in security, says Jack Danahy, senior vice president for security at Alert Logic. If they even do one thing, focusing on patching will make a big difference. They should also put a mitigation control in for better monitoring.”
Alert Logic also found other weak security practices by SMBs:
Encryption misconfigurations
According to the Alert Logic research, 42% of SMB security issues are related to encryption. While automated patching has helped to reduce the frequency of vulnerabilities, configuration remains a major issue. This includes misconfiguring SSL encryption, not configuring Amazon S3 buckets properly, and providing improper access credentials to employees.
Poor patching practices
75% of unpatched vulnerabilities among SMBs are more than one year old, according to the research. While automated updates have improved software patching, organizations are still having difficulty keeping up with all the updates.
Reliance on antiquated email servers
More than 30% of SMB email servers operate on unsupported software, according to the
research
. Despite email being the lifeblood of most companies, almost one-third of the top email servers detected were running Exchange 2000, which Microsoft stopped supporting nearly 10 years ago. 
Frank Dickson, research vice president at IDC who focuses on security, adds that there are four practical steps that SMB can take to avoid security mishaps: make sure the companys operating systems and applications are current; patch regularly; download all the updates (new versions of software); and use some form of multifactor authentication, whether its a finger scan, facial recognition, or an iris scan.
So many of the problems can be solved by taking some common sense steps, he says.
AlertLogics Danahy adds that many of the same problems existed 20 years ago, but people were less familiar with security issues.
While I do think people underappreciate the complexity of an organization changing their operating system, I think were at a point where people are starting to look at security differently, Danahy says. The SMB folks recognize that security has become a serious challenge.
Related Content:
ADT Teams Up with SonicWall for SMB Security Services
9 SMB Security Trends
Small Businesses Turn to Managed Service Providers for Security
Cyber Readiness Institute Launches New Program for SMBs
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the 
conference
 and 
to register.
 
 
 
 

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
More Than Half of SMB Devices Run Outdated Operating Systems