According to the Nihon Keizai Shimbun (Japanese newspaper), a study of servers and mission-critical computers used by companies to run their websites and other operations found that old software that could be vulnerable to cyber attacks was left on 50 percent of the world’s devices.

In Japan, the percentage of vulnerabilities left unattended was high for servers and PCs running Windows.

Windows is used in more important systems that run the entire enterprise than any other software, and the severity of a cyber attack is considered to be high.

In fact, the business risk of information leaks due to cyber-attacks has been increasing year by year, and in Japan, the revised Personal Information Protection Law, which came into effect in April, imposes reporting obligations, and there have been reports of huge fines under the European General Data Protection Regulation (GDPR).

1. What is a vulnerability?
The Ministry of Internal Affairs and Communications (MIC) explains vulnerabilities on its “Information Security for the People” website as follows
A vulnerability is an information security flaw in a computer operating system or software caused by a bug or design error in the program. Vulnerabilities are also referred to as security holes. If a computer is used in a vulnerable state, there is a risk that it will be used for unauthorized access or infected with a virus.
(Reference source: Ministry of Internal Affairs and Communications, Information Security for the People website)

2. Is it dangerous to leave aging software unattended?
Normally, when a vulnerability is discovered in an OS or software, the developer makes and provides an update. Therefore, leaving software without proper updates, regardless of whether it is new or old, is extremely dangerous because it creates a situation where no countermeasures are taken against the vulnerabilities that are constantly emerging.

3. What you should do to reduce the risk of cyber attacks.
It is important to constantly collect information on OS and software updates, and to update them as quickly as possible. However, in reality, there are many cases of neglect due to lack of human resources and budget. Especially in the case of servers that are open to the public on the Internet, the risk of information leakage or misuse due to unauthorized access through vulnerabilities increases. If you are unable to take appropriate measures within your organization, one of the options is to leave it to the experts.

4. Use of SaaS is a recommended measure. With SaaS, you don’t need to have a server in your organization, and you don’t need to update the OS and software by yourself. Our SaaS offering, Moodle, is supported by a very active OSS community, so it is said to be highly reliable and stable. Moodle is constantly being upgraded with new features, security patches, and bug fixes, so you can use it with confidence. The server’s operating system is also updated by experts as needed, which reduces the risk of cyber attacks. If you are looking to strengthen your organization’s security, we recommend using SaaS.