In recent years, some of the world’s largest brands and organizations have fallen victim to data breaches and cyberattacks. Despite these events causing heightened awareness and increased investment in security processes, the frequency of such cyberattacks hasn’t slowed down so far in 2018. While today’s businesses should be more vigilant than ever about cybersecurity, what does the state of software distribution look like today and what key learnings have come from this year to date?
1. Big companies aren’t immune
So far this year, numerous household names have been cited in the media as examples of companies failing to protect their customer and employee data. These high-profile organizations range from US universities to popular apps and the UK’s National Health Service.
Surprisingly, though, some of the largest and most well-known cyberattacks in recent years have been due to a failure to update and maintain operating systems, software and IT infrastructure rather than a lack of proactive security measures.
According to Kollective’s State of Software report for 2018, which surveys over 250 IT professionals, over a third (37%) of IT managers named a ‘failure to install updates’ as 2018’s biggest security threat. This ranks it above bring your own device (BYOD), unsecured USB stick usage and password vulnerabilities. So why are so many well-known companies still falling into the same traps and not learning from the mistakes of others?
Looking back to the WannaCry attack last year, the shocking, headline-making breaches were so high profile that they should have served as a real ‘sit up and listen’ moment to companies across the world. This attack was not sophisticated but was instead a direct result of a failure to download patches, modernize infrastructure and install necessary updates. In fact, some of the companies involved were still using the 17-year old operating system, Windows XP, which had stopped receiving support in April 2014. So, while security software can protect an organization’s sensitive data to a certain extent, failure to install updates and patches can render these protective measures completely useless.
While many of the victims of these attacks were angry with the companies directly for this failure, in truth, distributing these updates effectively and quickly across large workforces is a challenge that requires sufficient infrastructure and bandwidth, which is not always available. So much so that Kollective’s research shows a third (34%) of large enterprises struggle to distribute content across their networks. However, without this ability to effectively distribute these updates, any organization, no matter how large, can be left at serious risk without even realising it.
2. Jumping on the bandwagon isn’t always wise
Those companies looking out for news of the next big cyberattack will also be very aware of the numerous, trendy IT buzzwords doing the rounds in 2018. According to the State of Software research, the top priorities for IT teams over the next two years are artificial intelligence, cloud computing, unified communicationss and machine learning. While these technologies do have an important role to play in the future, IT teams should be careful not to focus too heavily on these flashy or futuristic-sounding trends. Often it is the simpler elements which are much more fundamental – and much more important – to an organization’s core IT infrastructure.
As it stands however, many IT leaders have been swayed by their superiors, peers and the media and, as a result, feel compelled to invest in these new innovative technologies. The result has been less time, and less budget, devoted to essential – but ultimately more day-to-day – technologies that help to guarantee an organization’s security in the long term. For example, many IT teams just don’t appreciate the importance of scalable security updates and software defined networking, with only 18% of IT managers saying that they intend to adopt a software-defined Enterprise Content Delivery Networks (SD-ECDN) by 2020.
By jumping on the bandwagon and concentrating solely on these disruptive but ‘showy’ technologies before solving vital network issues and delays, enterprise IT teams are letting down their defences against potential future cyberattacks. The wider effect of which reaches employees, customers and the future of the business itself.
3. Don’t wait to update
Many IT teams struggle to overcome significant delays when attempting to roll out their software and security updates, with a quarter (27%) saying that they must wait at least a month before successfully implementing vital security updates to their entire organization. Of those with 100,000+ computer terminals and devices, this figure jumps to almost half (45%).
Despite these challenges, if we’ve learned anything from this year, it’s that IT leaders cannot risk leaving any of their devices out of date. With software-defined networks and ECDNs (Enterprise Content Delivery Networks) now widely available, IT teams do not need to rely on the old-fashioned ‘rip out and replace’ strategies. Instead, a faster peer-to-peer network can be overlaid on their existing infrastructure, providing an efficient, cost-effective solution. This can also increase distribution speeds significantly and solve network scaling issues without the need for costly hardware replacements.
Many companies are already running these software-defined networks to distribute video content and large files across their organizations. Modifying their software-defined ECDN (SD ECDN) would allow them to leverage the same technology to distribute security updates and operating system files. The SD ECDN reduces the bandwidth load on a company’s network, so the greater the number of peers across the enterprise, the more efficient the content delivery becomes, even on legacy hardware. This allows enterprises to simultaneously deliver important security updates across their networks and removes the need for month-long delays while reducing the risks of cyberattacks.
While investment in security software is important, a lack of infrastructure or poorly connected networks can be just as problematic. Too many companies are not taking the appropriate measures to avoid becoming the next target of devastating attack. With an increasing number of applications and networks being left to go out of date, today’s businesses are focusing their attention in the wrong places and leaving themselves wide open and vulnerable to potential attacks.