Ninety percent of corporate PCs are a security risk because they are not fully patched, or do not have basic security such as anti-virus software and firewalls properly installed.
That's the rather staggering revelation made by the results from Sophos's free Endpoint Assessment Test*, which has scanned Windows computers on thousands of different business networks over the last year.
There are lots of interesting stats that have come from companies running the test, but here are just a couple I think are worthy of mention.
Here are the statistics which reveal that the most common missing patch on Windows computers is an operating system vulnerability fix, followed by patches for Microsoft Office:
Note that end users can be missing patches from one of more categories, and that the test was only run on Windows computers.
Companies scanning their computers with our free utility have also found that although anti-virus software and firewalls are being used, an alarming percentage are either not enabled or not updating properly:
Results like this are pretty chilling, and underline the importance of proper patch management and ensuring that all of your computers are compliant with your security policy.
* Endpoint is a rather poncy word that marketroids use for "computer" by the way. I don't know why they think it's cooler to use a word that most people would never use in regular conversation ("Hang on, I'm just booting up my endpoint"), but for some reason they do. Bless them.