Security experts have long warned that big industries and utilities are natural targets for hackers. Yet a recent study of their IT infrastructure finds them still lagging on a fundamental security precaution: keeping software updated to keep intruders out. A new year-long global survey of more than 1,800 such networks by the cybersecurity firm CyberX found that 62% were using outdated Windows installations that no longer get security patches from Microsoft. That will rise to 71% come January when Windows 7 sunsets.
Ransomware and other malware often exploit known software loopholes. Software that’s no longer updated becomes increasingly vulnerable over time. A lot is at stake. Cyberattacks on these organizations could lead to disruption of power generation and distribution, wastewater treatment, or oil, chemical and pharmaceutical production. CyberX’s Phil Neray says many networks aren’t secure because they were established well before the proliferation of malicious software. Oil and gas companies received the best security scores. Pharmaceutical and chemical companies fared worse.