Failure to upgrade: the danger of an outdated security net

It wasn’t that long ago that a device was a piece of equipment developed to do one thing – cameras took photographs, telephones made calls, word processors were for writing. But technology became cheaper and smaller, and we’re now watching the unprecedented integration of photographic, telephony, ecommerce, and other data driven technology and content into single devices. It’s hard to imagine today’s devices completing only a single function.  

Security software is not immune to technological progress and has been evolving in much the same way. Old software cannot keep up with rapidly changing online attacks and exploits.

Case in point – technology continually evolves. But it’s not just legitimate businesses making technological leaps and bounds with their products, cybercriminals are also cooking up new and inventive ways to steal your information and assets. As a result, security providers have to continually refine their products to stay ahead of these new threats.

Symantec’s latest Internet Security Threat Report (ISTR) shows that less than half (49 per cent) of malware is stopped by traditional antivirus software. Software that relies on blacklists (bad) and whitelists (good) of programmes cannot provide adequate protection in today’s evolving threat landscape. This simply means that if you use old security programmes your defences aren’t keeping up with the bad guys. Moreover, even modern security needs to be patched and up-to-date to be effective.

New technologies are necessary to keep up with highly organised syndicates of cybercriminals that work together to create malicious programmes like Stuxnet.

Yet some organisations still don’t prioritise the upgrading of their security programmes, choosing instead to rely on the misconception that last year’s version is ‘sufficient for now’. One reason for this might be businesses mistakenly thinking the migration will take several weeks or months. But customers who upgrade their security tell a different story. In many cases, they’re surprised by seeing the deployment completed in as little as two weeks – with 98 percent of those surveyed post-migration highly recommending the upgrade to their colleagues.

Just as it's inconvenient for us to carry around a bulky camera, phone and laptop when the same type of functionality can be leveraged as part of a smart phone, we can't afford to let ourselves be content with security products that have failed to evolve or integrate the latest technological developments.

Symantec Insight, our reputation-based security technology, tracks nearly every file on the internet to separate those that are known from those that are unknown, or otherwise put as potentially posing a risk. It’s built on contributions from over 210 million systems in over 200 countries and provides organisations with advanced context to determine if a file should be trusted.

Part of Insight is SONAR, our newly enhanced behavior reputation engine, it monitors files to better identify zero-day and other unknown threats. Reputation-based, heuristic protection is superior to traditional signature-based protection. SONAR and Insight aggregate risk data and behaviors to make accurate decisions on the trustworthiness of programmes. It asks questions such as, ‘does this code appear frequently and within reputable programmes, and does it behave as it should?’

Failure to take advantage of improvements in online security – free or paid – means that you’re leaving important information unguarded against the latest threats. Today’s phishers, spammers and scammers are designing attacks to steal intellectual property, customer and financial data, and to compromise critical business information and systems. With the protection of your business at stake – and your security posture at risk of being breached – hesitating to guard your most important information and assets with improved security is a disaster waiting to happen.

The latest security software goes far beyond minor updates to last year’s products. Upgrading protects you, your staff, your intellectual property and your sensitive data while a breach destroys your customer relationships, systems and reputation. It’s worth asking yourself if not upgrading is worth the cost of repairing a security breach. 

Brenton Smith is the vice president and managing director of Symantec's Pacfic division.