Unpatched Software Vulnerabilities Named the No. One Security Risk for SMBs
By Mae Kowalke, TMCnet Contributor
I admit, not all of my software is up to date. I just don’t have the time to stay on top of all the patches and updates typically required, even though much of it is automated these days. To my surprise, I’m also not alone.
When it comes to small and medium-sized businesses (SMBs), unpatched software vulnerabilities are the top IT threat, according to Leigh Dworkin, product manager at industry-leading SMB security expert GFI Software.
There are many doors through which malicious hackers can enter the SMB’s IT stack. The list of vulnerabilities appears almost like a tasty platter to them, including portions of the operating system, Web browsers, Java, Adobe software or even less considered vectors such as device firmware and hardware drivers.
But what small business regularly checks for updates to its hardware drivers?
This is where the problem lies. In a large enterprise, such things often get noticed, but for small firms, even old patches can go unapplied.
So it isn’t just Java that’s vulnerable on many SMB networks. Old vulnerabilities such as using rich-text documents to exploit a stack buffer overflow vulnerability in Microsoft Office can still be an issue, even though Microsoft released a patch for that problem back in November of 2010. Essentially, many components are still fair game for security corruption.
Additionally, a study published by M86 Security Labs found that the Web exploit observed most often in the second half of 2011 targeted an Internet Explorer 6 vulnerability that received a patch as long ago as 2006. People just don’t apply patches enough, myself included, and SMBs aren’t always large enough to follow the rigorous security protocols of larger organizations.
Even if SMBs do take security seriously, there’s still the ever-present challenge of knowing what software is actually running on a network, as well as dealing with network issues that come from applications configured in unusual ways. This can include unknown groups, open ports and network shares that may have been simple workarounds at the time but now prove dangerously insecure.
This is why network monitoring solutions such as GFI’s suite of security products are absolutely vital for SMBs.
GFI Cloud, for instance, gives SMBs on the medium side of things control of their in-house IT systems across all workstations and servers, both on and off the corporate network. The company confidently claims that within minutes, its robust cloud offering provides antivirus, asset tracking, network monitoring and remote control from one unified platform. This makes it easy for the overtaxed SMB IT admin.
Another GFI product that SMBs might want to consider is GFI LanGuard, which provides patch management, vulnerability assessment and network auditing. Easy to set up and deploy, GFI LanGuard gives SMBs a complete picture of their network setup, helping the harried IT admin maintain a secure and compliant network state. It does this faster and more effectively through its automated patch management features and with minimal administrative effort.
So instead of relying on good behavior, GFI can make sure SMBs stay secure.
To learn more about all of GFI’s SMB cloud communications and security offerings, visit www.GFI.com.
Edited by Allison Boccamazzo

