Outdated software has become a major cybersecurity liability
In the artificial intelligence (AI) era, IT and cybersecurity teams must ensure every device runs the most secure software version available.
As cybercriminals gain access to more advanced AI models, the amount of time and effort required to first discover a vulnerability and develop a means to exploit it is now approaching zero. While that is likely to increase the number of unknown zero-day vulnerabilities that might be exploited, most cybercriminals will—at least initially—focus on exploiting known vulnerabilities faster than ever.
Unfortunately, there is no shortage of existing vulnerabilities to be exploited. For example, a Jamf Threat Labs analysis of 1.7 million iOS and Android devices and over 150,000 Mac devices finds more than half (53%) of organizations discovered they had devices with critically out-of-date operating systems.
Additionally, 75% of devices had at least one vulnerable application installed. In fact, 95% of the applications assessed contained at least one medium-severity vulnerability, with 62% enabling dangerous permissions. A full 44% of devices had been exposed to malicious network traffic.
Historically, many IT teams have been reluctant to deploy the latest version of any type of software for fear the update would break the application. However, as cybersecurity threats become more sophisticated, the potential damage that a successful attack might unleash is in many cases starting to exceed the risk of an application being unavailable.
The truth is that, as with our smartphones, much of the software running on devices can be updated automatically. If issues arise, the same deployment automation can typically be used to roll updates back safely.
The other reason updates will need to be automated is that software updates will become more frequent in the age of AI. As the cost of creating code continues to decline rapidly, more features, including patches to remediate vulnerabilities, will be created faster than ever. In fact, fixes for faulty features or patches may soon be available within hours rather than days.
The challenge is that no one pays more attention to which vulnerabilities have been discovered than malicious actors. Exploits that once required days and weeks to develop can, with the help of AI coding tools, now be created in a matter of minutes. Automation frameworks then make it possible to launch those attacks within hours of a vulnerability being disclosed. Running the latest version of software may not completely mitigate those potential threats, but running an older version that has known vulnerabilities is now nothing less than an invitation to disaster.
Of course, automating deployments of software updates to improve security will require the cooperation of IT operations teams. The only reason that probably hasn’t occurred as much as it should is that many members of those teams have not yet come to terms with the new realities of software security.