Security nightmare: 27% of enterprises take months to install vital security updates

Kollective’s report, which incorporates research from 260 IT managers, leaders and decision makers, highlights how the network security of UK businesses is failing to meet industry expectations. These failings are especially common among large organisations – with 45% of those with over 100,000 computer terminals having to wait at least a month before installing vital security updates.

This failure to rapidly deploy and install security updates is placing businesses at greater risk of a targeted cyberattack, as hackers look to exploit the vulnerabilities of outdated systems. Kollective’s report also found that 37% of IT managers list ‘a failure to install updates’ as the biggest security threat of 2018. This makes outdated software a bigger threat than password vulnerabilities (33%), BYOA / BYOD (22%) and unsecured USB sticks (9%). 

Kollective blames this failure to install updates on a combination of slow testing procedures and an inability to distribute updates automatically at scale. As Dan Vetras, CEO of Kollective explains: “Following numerous corporate cyberattacks over the last 12 months, today’s businesses are spending more than ever before on enhancing and improving their security systems. But, this investment is wasted if they aren’t keeping their systems up-to-date.

“While it’s obviously important for IT teams to spend time testing new software and updates before rolling them out, our research has found that many of the delays in software distribution aren’t because of testing, but rather a lack of infrastructure. Poorly constructed networks mean that, even those companies that have made a significant investment in security software, are still leaving their organisations vulnerable to attack. With a growing number of applications being left out of date, today’s businesses are creating their own backdoors for hackers, botnets and malware to attack.”