While it’s critical that you discover and remediate the risk posed by outdated systems inside your organization, it’s just as important to assess your third parties. If these systems aren't patched or secured, per the FBI, they could “…negatively impact an organization’s operational functions, overall safety, data confidentiality, and data integrity.” Approximately one third of healthcare devices have an identified critical risk potentially implicating technical operation and functions of medical devices. 53 percent of connected medical devices in hospitals have known critical vulnerabilities. Outdated software on any of these devices can expose your entire digital infrastructure and data to cyber risk. For example, in the healthcare sector outdated and unpatched medical devices, such as MRI machines, insulin pumps, and defibrillators, are increasingly targeted by threat actors. Consider the many interconnected devices on your network, from IoT sensors and devices at the edge to cloud-based infrastructure and services.
Outdated systems can also cause major business disruption. Read our guide, How to Avoid Ransomware, to learn more. In fact, organizations with a patching cadence grade of D or F were more than seven times more likely to experience a ransomware event compared to those with an A grade. Despite the clear risk, many organizations lack the visibility to know where security gaps exist so they can proactively fend off ransomware attacks or mitigate their effects. When Bitsight analyzed hundreds of ransomware events to estimate the relative probability that an organization will be a ransomware target, we found that those with a poor patching cadence correlated with increased ransomware risk.
Outdated systems are low-hanging fruit for cybercriminals looking to perpetrate ransomware attacks.

The top five cyber risks associated with outdated software and operating systems