IT Horror Stories: How Unpatched Software Hurts Businesses

Team Ninja      

Leaving software unpatched is one of the most basic, unforced errors an executive can make, but companies large and small keep learning this the hard way. Keeping software up-to-date is harder than it seems, so even when execs are aware of the importance of patching, the sheer volume of needed fixes and the high error rate mean that not every company stays protected.

What is unpatched software?

Unpatched software refers to computer code with known security weaknesses. Once the vulnerabilities come to light, software vendors write additions to the code known as “patches” to cover up the security “holes.” Running unpatched software is risky because, by the time a patch emerges, the criminal underground is typically well aware of the vulnerabilities.

Consequences of unpatched software

Leaving software unpatched and vulnerable creates some serious issues. Just take a look at a few of the data breaches that have occurred this year within some of the largest and most well-known companies.

Microsoft data breach

As one of the largest tech businesses in the world, Microsoft is often targeted with cyberattacks. In March of 2022, hackers from an international cybercrime group known as Lapsus$ breached Microsoft and compromised Bing in the process. Luckily, Microsoft was able to shut down the attack without major damage on March 22nd, just two days after it had begun on March 20th.

Toyota data breach

On October 11th of 2022, Toyota suffered a breach that revealed the email addresses and customer control numbers of approximately 300,000 customers who used its T-Connect telematics service. Fortunately, none of the customers’ financial data was stolen, and no further personal information was taken from the database.

Samsung data breach

Samsung is a global leader in tech, making it a target for cyberattacks. In July of 2022, Samsung was breached by an unauthorized party that stole customers’ personal information, such as names, phone numbers, demographics, birth dates, product registration info, and more.

Cybersecurity & vulnerability statistics

The statistics listed below are only the most colorful recent examples of negligent patching practices, but many executives have their heads in the sand about the severity of the problem. “Small business owners tend not to focus on security because they see it as a liability and a cost center,” says AJ Singh, vice-president of product at NinjaOne.  “They don’t consider the losses from outages.”

ThoughtLab’s 2022 cybersecurity study 

A 2022 cybersecurity study by ThoughtLab determined that software misconfigurations, along with poor maintenance, create the majority of security concerns. The study states, “Over the next two years, security executives expect an increase in attacks from social engineering and ransomware as nation-states and cybercriminals become more prolific. Executives anticipate that these attacks will target weak spots primarily caused by software misconfigurations (49%), human error (40%), poor maintenance (40%), and unknown assets (30%).”

Automox’s 2022 unpatched vulnerability report

Automox’s 2022 unpatched vulnerability report shows that unpatched vulnerabilities are directly responsible for 60% of all data breaches. Despite this statistic and the risks that unpatched software creates, this research shows that “A staggering majority of CIOs and CISOs even say that they delay putting security patches through to avoid interrupting business growth – and 25 percent say that they are certain their organization is not compliant with data security legislation.”

UpCity’s 2022 cybersecurity survey

UpCity’s 2022 cybersecurity survey has a plethora of cybersecurity statistics. They explain that approximately 43% of businesses feel financially prepared to take on a cyberattack, and that 2021 cyberattacks cost U.S. businesses more than 6.9 billion dollars. Also, UpCity reveals that businesses are slowly adapting to post-pandemic security measures. They note that “42% of respondents have revised their cybersecurity plan since the COVID-19 pandemic.”

High-Risk Behavior: Notable examples of unpatched software in 2022

| Unpatched software horror story | # of records exposed | Terrifying plot twist |
| --- | --- | --- |
| Uber, one of the most popular transportation services, covered up an enormous data breach from a cybersecurity attack that affected both drivers and passengers who use the service. | 57 million | This data breach actually occurred back in 2016, but it was concealed until July of 2022. Uber paid $100,000 to the hackers to prevent the event from going public. |
| Singtel is one of Asia’s top communications businesses, and a cyberattack revealed data from its businesses and customers. Although this cyberattack occurred two years ago, it was revealed publicly on October 10th, 2022. | 129,000 customers and 23 businesses | This breach revealed sensitive personal information of customers, such as names, birth dates, mobile numbers, addresses, and identity information. |
| Crypto.com is a currency-exchange company, allowing users to convert their currency into cryptocurrencies such as Bitcoin and Ethereum. | 18 million in Bitcoin and 15 million in Ethereum | 483 accounts lost their funds due to a cyberattack in which the attackers were able to access users’ virtual wallets. |
| The global social media platform Twitter suffered a data breach in July of 2022. In August, the company confirmed publicly that the data breach had occurred and leaked users’ personal information. | 5.4 million | This data breach leaked personal information, such as phone numbers and email addresses, of 5.4 million users. This was all due to a single vulnerability in the system that occurred after updating the code in 2021. |

How automated patching reduces security risks

Though reputable vendors typically offer free, automated patching for outdated software, the process can sometimes break down or cause software to malfunction. “Patching is an uphill battle,” Singh says. “There are new threats out every day.” Our internal research at NinjaOne shows that 25-30% of Windows 10 patches fail, which is why we custom-built a utility to successfully execute the process and remediate threats.

Benefits of automated patching for MSPs

Automated patching provides a multitude of benefits for busy MSPs. With automated patching, MSP managers have the option to “set it and forget it,” meaning they can issue a blanket instruction to update the OS and third-party software across all devices. Or they can tune patching at a granular level, adjusting settings on a per-device or per-group basis.

NinjaOne’s patch management software offers all these features and more. And you don’t have to take our word for it. An independent survey of MSP users recently rated NinjaOne as having the top software patching functionality among its competitors in the remote monitoring and management (RMM) tool space.

Eliminate security threats with NinjaOne patching

Ultimately, patching is both too important and too tedious for non-professionals to manage. And frankly, it can be a headache for MSPs too. That’s why NinjaOne offers patch management software that takes the pain out of this essential process. To see NinjaOne in action, sign up for a free trial.
