Although there are dedicated technologies which can automatically download and install updates, these are rarely used – even by companies that have implemented client system management tools. Only 35% of all companies automatically install updates, according to a November 2012 study by market research specialists B2B International. Meanwhile, cybercriminals often use unpatched vulnerabilities in outdated software to penetrate a company’s IT infrastructure.
Cybercriminals use a popular tool – exploits – to achieve these goals. Exploits are malicious objects that use vulnerabilities in operating systems and applications to infect computers.
These exploits are often used to launch attacks on companies since even corporate security solutions often struggle to detect and destroy them. A good way to forestall threats is to eliminate vulnerabilities as fast as possible by installing software patches. However, it can be difficult for many companies to install updates promptly on a large number of workstations.
In November 2012, B2B International surveyed over 5,000 high-ranking IT managers working for different companies all over the world on qwebehalf of Kaspersky Lab.
Among other questions, the study asked about the use of any technology to automatically install updates on corporate workstations. The findings were surprising – even among companies with client management systems in place, only 35% used this technology.
Updates are generally designed to enhance software performance and stability. From a security standpoint, they are even more important – updates can eliminate vulnerabilities which might allow cybercriminals to infect corporate workstations. Here, the speed with which updates are installed is just as important as installing the update in the first place: the sooner the IT department updates vulnerable software on all corporate workstations, the less likely it is that cybercriminals can launch a successful attack exploiting a vulnerability.
Incidentally, cybercriminals tend to choose the most widespread programmes as an attack medium. According to Kaspersky Lab data, Java is the most popular with cybercriminals: 50% of all exploits in 2012 targeted this platform. Adobe Acrobat Reader is the second most popular, with a share of 28%. These are standard pieces of software installed on huge numbers of corporate workstations – and that means it’s not just a few machines, but most of the computers on any given network that are at risk.
To ensure that updates are downloaded and installed with absolute timeliness and regularity, one option would be to invest heavily in IT man-hours, manually installing every upgrade on every machine. This, of course, is both costly and potentially unreliable. Neglecting the problem entirely, on the other hand, is likely to weaken corporate security and could potentially lead to serious losses for the business. Implementing a dedicated automation tool is a far more practical solution.