Patching - while not always easy, affordable or quick - is an important aspect of information security. It’s one of the most basic security hygiene practices we preach, and for good reason. Unpatched, out-of-date software, systems and servers are prime targets of attackers armed with known vulnerabilities and malware.
WannaCry Ransomware Targets Unpatched Systems
The most recent global epidemic of the WannaCry ransomware is a high-profile example of the consequences of not patching Windows operating systems (OS) - affecting over 300,000 computers across the world, the attack brought hospitals, energy firms, government agencies and other critical operations to a halt.
The wormlike ransomware exploited a Windows Server Message Block (SMB) bug affecting unpatched versions of the OS, spreading quickly to other unpatched systems. According to data from Kaspersky Lab, 98 percent of computers affected by the initial attack were running Windows 7. And since Microsoft had released a patch to fix the SMB bug exploited by WannaCry back in March, that means those systems hadn’t been patched for at least two months.
Who’s At Risk?
You can't secure what you can't see. To shed light on who’s at risk of similar attacks, Duo Labs has collected and analyzed our dataset of 4.6 million endpoints, including 3.5 million mobile phones, which complete over two hundred million authentications a month. The findings are now available in The 2017 Duo Trusted Access Report.
We found that 59 percent of enterprise endpoints are running an older operating system, Windows 7. Within the healthcare industry, 76 percent of endpoints are running Windows 7. During the WannaCry epidemic, National Health Service (NHS) hospital systems in the U.K. were hit the hardest by the ransomware, while some medical devices in the U.S. were also affected.
While it’s entirely possible to run older software and apply the latest patches, running out-of-date versions of software can also potentially put your organization at higher risk. The latest OS, Windows 10, offers more security features that can proactively deter malware infection, and older versions lack the protection these features offer.
The good news is, our data shows that more than double the number of endpoints are running the latest version, Windows 10: 31% in 2017 compared to 15% in 2016. However, 69 percent of enterprise endpoints are still lagging behind.
Examining Indicators of Device Security Health
We looked at several key indicators of device security health across different industries and geographic locations, including:
- Out-of-date operating systems, browsers and plugins, like Flash and Java
- Mobile device security features, such as full disk encryption, screen lock and Touch ID/fingerprint authentication
Plus, we reveal deeper insights into user behavior and device health with campaign data from our phishing simulation tool, Duo Insight.
Phishing is one common and effective way for attackers to steal users' passwords and infect systems with malware. We found that 25% of recipients clicked on the link within a phishing email and another 13% entered their credentials - which, in an actual phishing attack, could potentially expose them and their company to malware and password theft.
Our data also revealed that 68% of recipients of a phishing email had at least one out-of-date device, which increases the risk of getting compromised via known vulnerabilities that target older, unpatched versions of software.
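The device health indicators listed above and the "phishing recipients with an out-of-date device" metric can be computed from an endpoint inventory joined with campaign results. The following is an added example, not code from Duo Labs or the report: the inventory, the campaign results and the minimum-version policy are all constructed here (Windows 7 reports kernel version 6.1, Windows 10 reports 10.0).

```python
"""Evaluate endpoint health indicators over a constructed inventory."""
from collections import Counter

# Illustrative minimum acceptable versions (an assumption, not Duo's policy).
MIN_VERSIONS = {"Windows": "10", "Chrome": "58", "Flash": "25.0.0.148", "Java": "1.8.0.131"}
# Mobile controls the report tracks: full disk encryption, screen lock, fingerprint.
MOBILE_CONTROLS = ("full_disk_encryption", "screen_lock", "fingerprint")

def parse_version(text, width=4):
    """'1.8.0.131' -> (1, 8, 0, 131); zero-pad so '58' compares equal to '58.0.0.0'."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def stale_components(device):
    """Names of OS/browser/plugin entries older than the policy minimum."""
    return [name for name, ver in device["software"].items()
            if name in MIN_VERSIONS and parse_version(ver) < parse_version(MIN_VERSIONS[name])]

def missing_mobile_controls(device):
    """Mobile security features that are switched off (empty for non-mobile devices)."""
    return [c for c in MOBILE_CONTROLS if not device.get(c)] if device.get("mobile") else []

def health_summary(inventory):
    """Percentage of endpoints per industry with at least one out-of-date component."""
    totals, stale = Counter(), Counter()
    for d in inventory:
        totals[d["industry"]] += 1
        stale[d["industry"]] += bool(stale_components(d))
    return {ind: round(100 * stale[ind] / totals[ind]) for ind in totals}

def phished_with_stale_device(results, inventory):
    """Percentage of phishing recipients who own at least one out-of-date device."""
    by_user = {}
    for d in inventory:
        by_user.setdefault(d["user"], []).append(d)
    recipients = [r["user"] for r in results]
    exposed = [u for u in recipients if any(stale_components(d) for d in by_user.get(u, []))]
    return round(100 * len(exposed) / len(recipients))

# Constructed sample data: four desktops and one phone.
INVENTORY = [
    {"user": "alice", "industry": "healthcare", "software": {"Windows": "6.1", "Chrome": "58.0.3029"}},
    {"user": "bob", "industry": "healthcare", "software": {"Windows": "10.0", "Flash": "25.0.0.148"}},
    {"user": "carol", "industry": "finance", "software": {"Windows": "10.0", "Java": "1.8.0.121"}},
    {"user": "dave", "industry": "finance", "software": {"Windows": "10.0", "Chrome": "58.0.3029"}},
    {"user": "alice", "industry": "healthcare", "mobile": True, "full_disk_encryption": True,
     "screen_lock": False, "fingerprint": True, "software": {}},
]
CAMPAIGN = [{"user": "alice", "clicked": True, "entered_credentials": True},
            {"user": "bob", "clicked": False, "entered_credentials": False},
            {"user": "carol", "clicked": True, "entered_credentials": False},
            {"user": "dave", "clicked": False, "entered_credentials": False}]
```

Running `health_summary(INVENTORY)` and `phished_with_stale_device(CAMPAIGN, INVENTORY)` on this data gives the per-industry stale rates and the exposed-recipient share in the same form as the report's figures.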
The 2017 Duo Trusted Access Report
In this report, you’ll get:
- Year-over-year trends of enterprise device and mobile security health
- Industry-specific highlights, including a spotlight on healthcare
- U.K./EMEA (Europe, Middle East & Africa)-specific data
- Phishing simulation campaign statistics
- Security tips, including how Duo’s Trusted Access can help
Download The 2017 Duo Trusted Access Report: The Current State of Enterprise Endpoint Security to get the full report.