David opts for the “Remind Me Later” button whenever a notification pops up for a software update – and he’s been doing it for the past six months. Sound familiar? We bet it does, because we are all David at some level.
Keeping your software updated is one of the most essential steps you can take to keep your website secure, but it appears that not many people give it much consideration.
A study conducted by researchers from the Institute for Internet Security at the Westphalian University of Applied Sciences analyzed 246 client- and server-side software products used across more than 5.6 million websites. The study was led mainly by Nurullah Demir and Tobias Urban and went on for eighteen months. The study looked at the software products used by websites, their update statuses and release dates and then mapped them against the 147,312 known vulnerabilities identified by the NVD (National Vulnerability Database).
The results of the study revealed that nearly all of the websites studied used at least one outdated software product – only 6% of websites were running on fully updated software and a shocking 47% had let their entire software library go out of date. This left the websites susceptible to a myriad of known vulnerabilities in the outdated software, which could allow hackers to inject malware or steal sensitive data – and they wouldn’t even have to do much to get into the system.
Of all the software products that were analyzed, 60% were found to be exploitable through these vulnerabilities, and 95% of the websites were using these outdated software products (meaning that there’s a 95% chance that any website you visit would be vulnerable to attack). Not only that, the number of vulnerable websites is increasing exponentially as websites keep postponing updates and accumulating further vulnerabilities. Apart from this, there are a few more shocking findings from the study:
- Each software product analyzed had 8 vulnerabilities on average.
- 92% of websites are vulnerable to potential XSS (cross-site scripting) attacks.
- The average website is affected by 29 vulnerabilities.
- The average software product is approximately 48 months behind the latest update – that’s 4 years.
The potential cost of running old software is actually much higher than website owners estimate. While it is true that keeping a whole array of complex technologies up to date is costly in itself, and making sure that everything functions together is not easy, even a single vulnerable component can endanger the entire system.
Web applications are composed of different modules – think of them as cogs – that work together and perform specific tasks. If even one cog starts to malfunction, the security of the entire application would be compromised. And it has been found that a cybersecurity attack results in an average of $2.6 million in damage.
So the solution to this problem is very simple, even if it is time-consuming: make sure all your software is up to date to avoid any sort of security loophole. You will thank yourself later.