95 Percent of Websites On The Internet Are Backed By Outdated Software And Security Risks

How often do we forget to smell the smallest of things?

If there is one basic aspect of security that often remains an underestimate then that has to be keeping your software up to date from time to time. You always get to hear security experts talking about how running a website on outdated tech can be very vulnerable as the unpatched security holes then give way to attackers to inject your system with the malware right of their choice. This all also happens without much effort.

However, with that being said, the common-sense practice of keeping the software isn’t really common, and instead according to a new study coming from the group of researchers from the Institute for Internet Security at the Westphalian University of Applied Sciences. More than 5.6 million websites currently run on the internet with the similar risk.

The group of researchers led by Nurullah Demir, Tobias Urban, and others, took 18 months to analyze 246 client and server-side software products which backed more than 5.6 million websites. The research included every little detail of how websites handle software updates in comparison to the versions and release dates of the 246 software products. The conclusion was then matched against 147,312 known vulnerabilities from the National Vulnerability Database (NVD).

Overall, almost every other website still had at least one outdated software product, which eventually increased its chances of being susceptible to become a host of vulnerabilities.

On the other hand, there were only 6% websites that had up-to-date software and a massive 47% had let their software catalog go out of date intentionally.

Together there was exploitable vulnerability identified in 148 (60%) analyzed software products, and quite surprisingly those also backed 95% of the websites which were marked to be risky. With that, the researchers also stated that the number of vulnerable websites are only going to increase with time as some updated websites may also adopt the culture of postponing updates.

There were also some really horrifying findings of the study:
  • On average, every software product lags 48 months behind its current latest patch.
  • 92% of websites are at the risk of facing cross-site scripting (XSS) attacks.
  • Every analyzed software product also consisted of 8 vulnerabilities.
  • Every website can be affected by 29 vulnerabilities on average.

What’s The Deal With Running Old Software?

There is no doubt in the fact that keeping a diverse ecosystem of complex technologies updated and working well can be a very challenging task. As a matter of fact, websites then rely on using perpetually evolving technologies that are based on different release cycles in order to keep up with the task of keeping up with every update.

But if in case, it is left unpatched, then even a single vulnerable component can take over the whole system. So, since the web applications also work on different modules which are inter-connected to perform a single task, therefore, one vulnerability in any of the modules can put the security of the entire web app at risk.

While all of the findings stated above may be too much to grasp, there is still a tip to save your website from all the aforementioned trouble and that is to simply keep all of your software up to date. It can be time-consuming but you can save yourself from the cost of a cyberattack which on average is $2.6 million.

Read next: New Malware For macOS Rose To Shocking Numbers In 2020
Previous Post Next Post