Damage limitation: timely software updates can cut business data breach costs in half

According to a recent Kaspersky report, ‘How businesses can minimize the cost of a data breach,’ enterprises with outdated technology can lose 47% more money when they suffer a data breach than those who update everything promptly. For small and medium-sized businesses, the difference is even starker – up to 54%. The problem of obsolete and unpatched software is common and important for businesses to address, since nearly half of organizations (47%) use at least some form of out-of-date technology in their infrastructure.

While vulnerabilities are inevitable in any software, regular patching and updates can minimize the risk of exploitation. That’s why users are always advised to install the latest software versions as soon as they are available, even if applying these updates can sometimes be a difficult or time-consuming task for organizations. With many businesses globally having at least some form of outdated technology (47%), Kaspersky’s survey shows that organizations should prioritize renewing software and be prepared to invest, because doing so could save them money in the long term.

If a data breach happens, enterprises with any form of outdated technology, including unpatched operating systems, old software, and unsupported mobile devices, can suffer an additional $425k in financial damage, taking losses to a total of $1.225m. This is 47% more than the cost for companies with completely updated technologies ($836k). As for small and medium-sized businesses, they can lose an additional $40k. The total cost rises to $114k, which is 54% more than the $74k for businesses with all required updates installed.

Among the reasons given for not updating technologies, the most commonly reported is an incompatibility of updates with in-house applications (48%). This reason can be critical for organizations developing software internally to meet their own needs or when using very specific applications with limited support. Other reasons seem more down-to-earth: employees often refuse to work with new versions of the software they use (48%). In some cases, technologies are not updated because they belong to members of the C-suite (34%).

“Any additional costs for business are of course critical, especially now. The global economic situation is unstable because of the pandemic and investments in IT and IT security are predicted to decrease. This is why in this year’s ‘IT Security Economics’ report we wanted to explore how businesses can reduce the burden in case of a cybersecurity incident. It offers strong reasoning why the issue of obsolete software is so important. Even if it is impossible to get rid of it overnight, there are still some measures to mitigate the risk. Companies can not only save money but also avoid other potential consequences – which is crucial for any business,” comments Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky.

In order to save money and minimize the risk of data breaches as a result of software vulnerabilities, Kaspersky suggests the following measures:

  • Ensure the organization is using the latest version of its chosen operating systems and applications, with auto-update features enabled so that the software is always up to date. 
  • If it is not possible to update software, organizations are advised to address this attack vector through the smart separation of vulnerable nodes from the rest of the network, along with other measures.
  • Enable the vulnerability assessment and patch management feature in an endpoint protection solution. This can automatically eliminate vulnerabilities in infrastructure software, proactively patch them and download essential software updates. 
  • It is important to boost security awareness and practical cybersecurity skills for IT managers, as they are at the frontline of IT infrastructure updates. A dedicated Security for IT Online training course can help. 
  • For critical IT or operational technology systems, it is important to always be protected regardless of any available software updates. This means they should only enable activity that is predetermined by the purpose of the systems. KasperskyOS supports this concept of cyber-immunity and can be used to build IT systems that are secure by design.

Kaspersky’s report, ‘How businesses can minimize the cost of a data breach’, is the second part of the IT Security Economics 2020 series and is available here. To read the first part, ‘Investment adjustment: aligning IT budgets with changing security priorities’, please download it from the Kaspersky IT Security Calculator web page.

