SMEs Run Outdated & Vulnerable Operating Systems

Uploaded on 2019-07-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

New research underscores security weaknesses in small-to medium sized businesses, including a dependence on antiquated Microsoft operating systems, encryption misconfigurations, poor patching regimes, and reliance on outdated Exchange 2000 email servers.

The findings, recently published by Alert Logic, demonstrate how resource-strapped SMBs increasingly are vulnerable in the face of today's cyber threats.

Some 66% of SMB devices surveyed run Microsoft OS versions that are expired or will expire in the next six months. The majority of devices scanned by Alert Logic for the study currently run Windows versions that are more than 10 years old. 

Microsoft will discontinue support for Windows 7 and Windows 2008 Server on January 14, 2020.

"What we suggest is for SME security pros to read the report, understand it, and then take the findings to their management so business executives can better understand why it's important to make an investment in security," says Jack Danahy, senior vice president for security at Alert Logic. 

"If they even do one thing, focusing on patching will make a big difference. They should also put a mitigation control in for better monitoring.”"

Alert Logic also found other weak security practices by SMBs:

Encryption Misconfigurations
According to the Alert Logic research, 42% of SMB security issues are related to encryption. 
While automated patching has helped to reduce the frequency of vulnerabilities, configuration remains a major issue. This includes misconfiguring SSL encryption, not configuring Amazon S3 buckets properly, and providing improper access credentials to employees.

Poor Patching 
75% of unpatched vulnerabilities, among SMBs, are more than one-year old, according to the research. 
While automated updates have improved software patching, organisations are still having difficulty keeping up with all the updates.

Antiquated Email Servers
More than 30% of SMB email servers operate on unsupported software, according to the research. Despite email being the lifeblood of most companies, almost one-third of the top email servers detected were running Exchange 2000, which Microsoft stopped supporting nearly 10 years ago. 

Frank Dickson, research vice president at IDC who focuses on security, adds that there are four practical steps that SMB can take to avoid security mishaps: make sure the company's operating systems and applications are current; patch regularly; download all the updates (new versions of software); and use some form of multifactor authentication, whether it's a finger scan, facial recognition, or an iris scan.

"So many of the problems can be solved by taking some common sense steps," he says. Alert Logic's Danahy adds that many of the same problems existed 20 years ago, but people were less familiar with security issues.

"While I do think people underappreciate the complexity of an organisation changing their operating system, I think we're at a point where people are starting to look at security differently," Danahy says. "The SMB folks recognise that security has become a serious challenge."

Dark Reading

You Might Also Read: 

SMEs Risk Costs Of Up To $2.5m Following A Breach:

Most Cyber Insurance Claims Result from Human Error:

« Ten Reasons Why Senior Managers Need To Understand Cyber Security
AI Could Transform Submarine Warfare »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

StratoKey

StratoKey

StratoKey is an intelligent Cloud Access Security Broker (CASB) that secures your cloud and SaaS applications against data breaches, so you can do secure and compliant business in the cloud.

APrivacy

APrivacy

APrivacy provides information and communication security products for the financial services industry.

Deutsche Cyber-Sicherheitsorganisation (DCSO)

Deutsche Cyber-Sicherheitsorganisation (DCSO)

DCSO was founded in 2015 with the aim of counteracting the threats posed by globally organized cybercrime and state-controlled industrial espionage.

Penacity

Penacity

Penacity, LLC provides strategic consulting technology services and Information Security Services to commercial and government organizations.

Sigma IT

Sigma IT

SIGMA IT is one of the largest IT services organizations in EMEA region providing a full range of solutions and services including cybersecurity, data protection and business continuity.

C11 Cyber Security & Digital Innovation Centre

C11 Cyber Security & Digital Innovation Centre

C11 is working with local and national partners to develop talent and bring brilliant minds and brilliant businesses together.

TAC Security (TAC Infosec)

TAC Security (TAC Infosec)

TAC Security (aka TAC Infosec) is a leading and trusted cyber security consulting partner that specializes in securing the IT infrastructure and assets of enterprises.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

Onevinn

Onevinn

Onevinn's goal is to create a transparent, cost-effective security that is noticed as little as possible by the users. We simply call it "intelligent security."

ISMAC

ISMAC

ISMAC was founded to create a security solution that would work for smaller to medium as well as bigger corporations at an affordable price.

Deft

Deft

Deft (formerly ServerCentral Turing Group) is a trusted provider of colocation, cloud, and disaster recovery services.

Almond

Almond

Almond is positioned as a key independent French player in audit and consulting in the fields of Cybersecurity, Cloud and Infrastructure.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

Intertec Systems

Intertec Systems

Intertec Systems is an award-winning, global IT solutions and services provider that specializes in digital transformation, cybersecurity, sustainability, and cloud services.

Toro Solutions

Toro Solutions

Toro provide managed security & consultancy to keep governments, businesses & society resilient in the space where cyber, physical & people security converge.