Friday, February 26, 2016

Those software updates are more important than you think

Microsoft is ending support for old versions Internet Explorer.

Microsoft has announced that it will be going forward with its original plans to end support for older versions of Internet Explorer. Anyone running generations older than Internet Explorer 11 will no longer receive security updates. This should be a huge concern for anyone using these browsers. 

Hackers relish the end-of-support lifecycles companies go through with their software because it means they'll be given access to countless users who will either forget or refuse to update. Organizations like Microsoft are constantly going back and fixing bugs security weaknesses that they may have missed the first time around, which stops hackers from using these hiccups to their advantage. 

How many will be affected and what should they do?

The vast majority of Internet users will not be affected by this change, according to a graph from Net Market Share that was posted on Trend Micro's research blog. That said, roughly 20 percent of online individuals are currently using a version of Internet Explorer that will no longer be supported. Again, this might not be even close to a majority, but it is still a huge amount of the population. 

The Pew Research Center found that 84 percent of American adults can be considered Internet users. A separate report from the same firm found that only 7 percent of the American public only uses their smartphones to access the Internet, meaning a whopping 93 percent of users access online resources through a traditional computer. Smartphones don't run old versions of Internet Explorer, but desktops and laptops do, which means this nearly 20 percent of browsers being no longer supported by Microsoft is going to affect quite a large portion of Internet users. 

Although every single person within that 20 percent won't be successfully attacked by cyber criminals, it's important to remember that hackers often play the numbers game when attempting to infect machines. The Canadian Get Cyber Safe initiative found that of the estimated 156 million phishing emails hackers send out on an average day, only 80,000 end up being successful.

While phishing can be used to infect the computers of people that haven't updated their browser, the point here isn't that users of older versions of Internet Explorer will find themselves the victim of this exact scheme. Rather, this shows that cyber criminals won't be going after these people on a singular basis, opting instead to cast a wide net to reel in as much information as possible.

This should be a frightening notion to anyone using an older version of Internet Explorer, but there is a very easy solution that Trend Micro recommends: update the browser. It's an incredibly quick and simple fix, and newer generations can do quite a lot more than their older counterparts. 

What happens when people don't update?

On Oct. 3, 2012, IT administrators for the city of Naperville discovered a problem within their network. These professionals detected an intrusion into their system that had resulted in the breaching of 59 employee logins and passwords. According to the Chicago Tribune, the root cause for this cyber attack turned out to be a vulnerability in a content management system used by the city that had not been updated

Although the company behind the software said they had alerted the city about the vulnerability and told them to update, Naperville officials stated that no such message ever reached them. This lapse allowed a hacker to insert what looked like a photo file into Naperville's network. This file turned out to be a piece of malware that infected the entire system. 

Law enforcement officials did trace the origin of the attack back to The Netherlands, but the consensus is that a proxy server was used to hide the actual location of the person or persons responsible. The FBI was called in to investigate, with the whole debacle costing the city of Naperville $760,000. 

What to do?

This particular attack may not have come from an old browser, but it shows that not updating any piece of software can be extremely detrimental. Those messages people get from tech companies aren't meant to be an annoyance, but rather a sign that they might be in danger. Anyone putting off an update should absolutely follow through with it as soon as possible, and anyone still running an old version of Internet Explorer needs to upgrade to a better system. 

That said, certain companies don't have the luxury of updating their current web browser. To begin, businesses often keep with a strategy that has worked for them in the past, and this often translates to sticking with older machines. New versions of Internet browsers don't work too well with old computers, and upgrading could have a major impact on productivity.

To compound the issue further, updating every machine in an company's arsenal is a lot easier said than done. If the organization is large and utilizes a huge amount of computers for daily operations, completely revamping Internet browsers across the board is an incredibly expensive venture. Not only does this translate to lost productivity due to so many machines needing to be unusable for a time, it also means IT workers will have to set aside other tasks just to fix the problem. 

Thankfully, organizations can avoid this incredibly arduous implementation if they invest in a virtual patch strategy. This is basically a plan that allows administrators to fix vulnerabilities in systems such as Internet browsers, without having to completely revamp how they run their business's digital needs. Virtual patching lets companies continue their operations as usual, while also working to keep hackers at bay. 



from Trend Micro Simply Security http://ift.tt/1Up48GE
via IFTTT

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.