Apathy towards system updates is putting UK organizations at risk
- Published: Wednesday, 16 June 2021 10:58
25 percent of UK employees have previously had a dispute with IT staff about the importance or frequency of updating their work devices. Surprisingly, UK IT teams tend to agree with such demands and let 75 percent of staff skip installing updates on certain software or the OS. This was revealed in a study commissioned by Kaspersky to explore workers’ attitudes and habits toward updates.
Employees may request these options because they are afraid that the time spent updating may affect their productivity. More than half of UK respondents are actually distracted from work because of updates: 48 percent take a break from what they were doing and 7 percent just wait patiently at their desk. Difficulties don’t end at the installation stage, as 49 percent of employees agree that learning new versions of software is a waste of time that could be spent doing their job.
Updates not only bring new functionality and fix bugs, but also address security vulnerabilities. And once a security update is released, malefactors know about these issues. That is why patch management is essential for corporate security. However, some staff members are reluctant to update their work devices, meaning that there are vulnerable computers, laptops, and smartphones in the corporate network.
Overall, 49 percent of respondents stated that they are less concerned about updating their work devices than personal ones.
To help IT staff to encourage employees to regularly install updates, Kaspersky recommends:
- Preparing instructions or video lessons on how to use the updated software. Provide contacts for people who employees can reach out to in case of any issues.
- Informing staff about the importance of timely updates and what can go wrong with their data and the company’s assets if cybercriminals exploit unpatched security issues.
- Warning employees that if they put off updates for a long time, their devices can install them automatically and restart their devices when they are busy with urgent tasks.
- Implementing a security awareness course that covers this topic.
- For critical IT or operational technology systems, it is important to always be protected regardless of delayed updates. This means systems should only perform predetermined activity. KasperskyOS supports this concept of Cyber Immunity and it can be used to build IT systems that are secure by design.
About the survey
In April 2021, Kaspersky commissioned Savanta to conduct an online survey of 15,000 respondents to explore people’s device update tendencies. The sample included 1,000 respondents from each of the UK, France, Germany, Italy and Spain; and 500 from each of the USA, Netherlands, Austria, Portugal, Romania, UAE, Turkey, South Africa, China, India, Australia, Brazil, Mexico, Argentina, Colombia, Chile, Peru and Russia. All respondents used a PC, smartphone and/or tablet for either their personal or work lives, and 76 percent of the respondents were currently employed.
More details (PDF).