Article

The risks of not updating your software

NZI Business Hub

Many users are often reluctant to patch and update software when new versions are released, adopting a ‘if it ain’t broke don’t fix it’ mentality. However, this approach is far from best practise and could potentially leave your business vulnerable to a cyber-attack.

Software updates are important to your digital and cyber security and typically offer plenty of benefits. One of these benefits is the patching or removing of security flaws in the software. These security flaws are vulnerabilities which hackers often look to target and exploit – usually to the detriment of the end user or business.

Some of the world’s biggest ransomware attacks over recent years have specifically been created and designed to exploit and spread through these vulnerabilities. 

‘WannaCry’ ransomware cryptoworm is one of these attacks, targeting computers running a Microsoft Windows operating system through a known exploit. Microsoft had released patches previously to close the exploit, however many users had not updated their system or were running older, unsupported Windows systems leaving them at risk.

According to TechCrunch, after WannaCry was released it “spread like wildfire, encrypting hundreds of thousands of computers in more than 150 countries in a matter of hours.” This spread was made possible by the sheer number of computers that had not been updated and is widely reported to have cost $4 billion globally.

Another example of an attack exploiting a known vulnerability is the ‘NotPetya’ malware which spread through an accounting software. Again, Microsoft had already released patches to close the vulnerability and only the large number of computers that had not been updated were affected. In a report from Wired, a White House assessment estimated the total damages from this malware at more than $10 billion globally.

Ensuring your business is as safe as possible against these fast spreading global attacks should be paramount to any business’ cybersecurity plan and is often as easy as clicking the ‘update now’ button.

NZI’s National Relationship & Cyber Manager, Andrew Beven, provides some additional reasons for businesses to update their software as new versions are released.

“Software updates can provide more than just security patches. Updates can add new features, tools or design revisions which could offer you or your business tangible benefits.”

“Closing vulnerabilities helps reduce the likelihood of being affected by malicious attacks that could prevent access to your data. This can damage reputation and disrupt your business.”

Software updates can provide more than just security patches. Updates can add new features, tools or design revisions which could offer you or your business tangible benefits.

Andrew Beven - National Relationship and Cyber Manager

“If a business device becomes infected with a virus that virus could extend beyond the business’ network and spread to external contacts such as friends, family and business contacts.”

Despite the obvious security benefits in updating your business’ and personal software, users do need to be aware of the changes included in various updates. These updates can potentially create compatibility or other issues that disrupt the business and need to be ironed out prior.

Andrew mentions the best practise for this is to create a roll back point prior to updating, this way if something goes awry systems can be rolled back to when the applications were functioning correctly giving time to find a workaround.

With the risk of not updating software potentially leaving your business vulnerable to these and similar threats, make sure your software is regularly updated and heed the reminders to ‘update now’.