In the long list of deliverables you are tasked with as an alternative investment firm, updating your browser may not rank very high. But it should – otherwise, you are providing a blueprint to hackers on how to get into your systems and steal your data.
New browser releases are made available on a regular basis to improve functionality and patch security issues. However, many alternative investment firms elect to continue using their current version, rather than making the updates. They may do so because they lack system administrators or the automation necessary to install the new version quickly and efficiently. Or, they may fear that if they make the update, legacy applications that use a browser may be affected.
But consider the following example: the recent Chrome 67 browser release had patches for 34 vulnerabilities. Nine of these were rated as “high severity.” In other words, the Chrome 67 release fixed nine really serious loopholes that hackers can use to attack you.
If you don’t install the new Chrome 67, those nine security gaps are still sitting there on each and every one of your computers and mobile devices. And – ready for this? – the release provides a blueprint to hackers on where and how to get into your systems. They don’t even have to work for it! Chrome has publicly identified all the vulnerabilities for them. Therefore, once a hacker determines what browser version you are using, they can target an attack. In fact, they probably have automated tools to put the attack in motion – they don’t even have to do any programming: “The firm is using this browser – I’ll just put this bot on the machine and click ‘Go’!”
In reality, there have been three or four browser updates you have missed. How many vulnerabilities, weaknesses, and gaps do you have as a result? The number of liabilities – and your corresponding risk – goes up every time there is a new release. For instance, with an outdated browser, you are at risk every time one of your staff accesses a portal, executes a trade, or goes to a website. It doesn’t even matter if a website itself is secure, if the browser being used to access it is compromised. Once in the door, a hacker can gather user IDs, passwords, trade information, client data … the works.
You may see the risk, but still be worried about legacy applications and how an updated browser might interact with them. Certainly, you want to take appropriate steps to understand and address how a browser release might impact legacy applications, but the greater concern should actually be your modern software-as-a-service (SaaS) applications, which likely handle a variety of mission-critical operations. Responsible vendors keep their SaaS applications aligned and compatible with the most current browser versions in order to ensure the highest degree of functionality and security. Therefore, using an older browser will often cause your SaaS applications to function at a less-than-optimal level.
Looking at the situation holistically, the only pro to maintaining an older browser is avoiding a potential impact on legacy application functionality. The cons are increased security risks for company and clients, and the possibility of a negative impact on modern SaaS applications. Or, in other words, you avoid one potential risk but gain a host of other definite risks.
Browser updates? It’s time to bump that one to the top of the priority list.