ANN ARBOR — New research from the Ann Arbor-based access security developer Duo Security found that many devices used by businesses are running outdated software that could be open to hundreds of security threats.
The analysis of more than two million devices used by businesses around the world found that 25 percent of all Windows devices are running outdated and unsupported versions of Internet Explorer, which leaves those unpatched systems open to more than 700 vulnerabilities.
Duo research also reveals that 72 percent of Java users are running an out-of-date version, compared to 60 percent who have an outdated version of Flash. Both Flash and Java are notorious targets, used by attackers in exploit kits to gain access to users' machines. Duo research indicates that users still run outdated software, Flash, and Java on devices used to access company applications, putting entire organizations at risk of data breaches.
Duo’s data analysis found that Mac users are more up to date than Windows users when it comes to operating systems. Fifty-three percent of Apple users are running either the fully patched, latest version of OS X, or the previous version, compared to 35 percent of Windows users on Windows 10 and 8.1. Apple users may be more likely to update their operating systems because these updates have been known to be stable. In addition, new OS X versions are free and heavily promoted by Apple.
While the full findings are concerning, mitigating these issues at an enterprise level is manageable, said Mike Hanley, director of Duo Labs.
“Organizations need visibility into the health of all devices accessing their business applications,” Hanley said. “Each of these outdated devices poses a significant risk to a company. Visibility and insight will help better protect organizations against breaches.”
Duo Security recommends these steps to strengthen an organization’s security hygiene:
* Embrace the Bring Your Own Device (BYOD) trend and prepare for it by providing IT administrators with actionable data on device ownership and health to enable risk-based access control decisions.
* Enable automatic updates for as much software as possible instead of relying on employees to manually install updates.
* Switch to Google Chrome browsers in your organization. Chrome receives automatic and frequent updates.
* Disable Java and prevent Flash from running automatically on corporate devices.
* Use a trusted access solution with both two-factor authentication and endpoint visibility features to verify both users and devices.
Duo Security clients include Etsy, Facebook, K-Swiss, The Men’s Wearhouse, NASA, Paramount Pictures, Random House, Toyota, TripAdvisor, Twitter, Yelp, Zillow, and more.