The Importance of Updating Software
In our increasingly digital world, software is an integral part of our lives. Laptops, smartphones, home appliances, and even the functionality of vehicles are driven by software. As the adoption of technology increases, the risk of becoming a victim of cybercrime also rises. Afterall, 1 in 3 homes with computers are infected with malicious software according to the Cybersecurity Infrastructure and Security Agency (CISA). Fortunately, you have the power to reduce the likelihood of becoming a victim of cybercrime!
Why is Updating Software Important?
Companies regularly update their products and in doing so provide software updates for their customers to apply. These updates, or patches, contain feature enhancements, improve performance, fix bugs, and address security vulnerabilities which can be exploited by bad actors. Applying updates to software is the responsibility of the customer, and although doing so may be a minor inconvenience, by applying updates you can significantly reduce the likelihood of becoming a victim of a cybercrime. Notably, 60% of cybersecurity breaches were due to a software vulnerability in which a patch was available but had not been applied according to a study conducted by the Ponemon Institute.
In 2017, Equifax, a multinational consumer credit reporting agency, was breached due to an unpatched software vulnerability. Although a patch for the vulnerability was available, Equifax failed to apply said patch in a timely manner which left their systems exposed to exploitation. The breach exposed personal and financial information of approximately 147 million individuals. The exposed data included names, social security numbers, birthdates, addresses, credit card numbers, and driver’s license numbers. The breach created significant issues for the affected individuals such as identity theft and unauthorized account charges while Equifax faced significant legal, financial, and reputational consequences.
Today, we store or access sensitive data on personal devices which we wish to keep protected. We complete banking transactions, communicate with healthcare providers, purchase goods, and interact with loved ones. To keep this data protected, it is important to apply software patches as they are made available by the software’s developers. Updating software is not just a minor inconvenience to be ignored; it is an essential part of maintaining the security, performance and functionality of your devices and systems.
To Update or not to Update, that is the Question
Read the following story to learn why installing updates is important
It’s a busy time of the semester. Joe is juggling his coursework as well as a job which has put his time management skills to the test. Although he’s busy, it’s also an exciting time of the year as he has almost completed the capstone project for his program. He has spent hours and hours on this project; many long days and nights. In a couple more weeks he will be finished with his program.
During the following week, Joe finished a shift at the restaurant he works for. It was late in the evening, but he decided to spend a bit of time doing research for his capstone project. He opened his laptop and a pop-up notification indicated that the device had new updates available. Joe clicked on the notification out of curiosity and the window displayed multiple missing patches for his laptop. With a shrug, Joe closed the window and told himself he would update his laptop at another time when he was less busy; it couldn’t be that big of a deal, right?
Joe was hard at work that evening researching on the internet for his project. He had spent a few hours searching the internet for supporting data on a particular topic but he was unable to find what he was hoping for. He was getting tired and decided that it was time to wrap up for the night, so he began saving his research to the folder which automatically backed up to a cloud storage location. Just before doing so, he noticed another recommended website listed by his favorite search engine that he had yet to view. Without thinking about or checking whether the website seemed suspicious, Joe clicked the link to find the answer to his question.
Wow!, Joe thought. This was exactly the supporting data he was looking for. The website provided a free option to download the data set – this is perfect! Joe clicked on download and waited for the data to download to his device. The download took some time, so Joe decided to leave his laptop and return in the morning to make sure it contained the data he expected.
When Joe returned to his laptop in the morning, it was rendered useless! The screen was locked and a message was posted extorting money in exchange to obtain access to his device again. Unfortunately, the file that Joe had downloaded contained malware which exploited the software vulnerabilities on his device and locked his computer. If only he had updated his computer!
Joe was worried - primarily about his research project. Does this mean that all his data is now gone? Will he have to restart his entire project? He had spent so much time getting to where he was and now there are only a couple of weeks left in the semester before the project is due.
Joe brought his device to a local computer shop which he hoped would be able to fix his computer and bring it back to normal. Unfortunately, the computer shop informed Joe that they were unable to recover the data on his device but they would be able to reset it to its original state. The computer shop technicians informed Joe that although they were unable to retrieve the data from the device itself, if it was stored elsewhere it should be safe. Joe reluctantly agreed to have the computer shop reformat his device so that the malware would be removed and he would be able to use the laptop again. But then he remembered… He stored a backup copy of his data in the cloud!
It was quite a week for Joe. His plan was to add finishing touches to his capstone project by finalizing his research on the internet. However, by ignoring the updates that were available for his laptop, he accidentally downloaded malware that locked his own device! In the future, Joe plans to install updates as soon as they are available on his computer so that he doesn’t have to go through this hassle again.
The Information Security Office at Ohio University has resources on their website to help you secure your personal and work devices. Visit the Secure Workspaces page to learn more about how to secure remote work, securing your personal computer, and securing your software!