Over two-thirds of organizations are running unsupported versions of Microsoft Office, exposing them to cyber-threats, according to a new study from Spiceworks.
The IT professional network polled over 1,100 IT pros in the US, Canada and UK to better understand the usage of productivity suites in their organizations.
It found 68% are still running some instances of Office 2007, despite the package reaching end of support in October this year.
The bad news doesn’t end there: 46% were running Office 2003; 21% Office 2000; and 15% are still on Office XP (2002 version). Some 3% even claimed they are still running some machines on Office 97.
“Although they might not grab as many headlines as end-of-support OSes, Office suites that are past their prime are susceptible to danger, similar to their OS cousins,” explained Spiceworks senior technology analyst, Peter Tsai.
“Just like any software or system in use, productivity suites need to be patched for security reasons. Once an OS no longer receives updates, it's a security liability. Over the years, there have been hundreds of vulnerabilities identified in Microsoft Office.”
If organizations need reminding of the damage that can result from an unpatched vulnerability, they just need to look at the chaos inflicted by WannaCry and NotPetya, two worm-like ransomware threats that caused mass service outages across the globe in May and June.
Global shipper Maersk has already admitted NotPetya may end up costing it $300m, while FedEx arrived at a similar figure.
It’s not all bad news, however, with Spiceworks revealing that over half (53%) of responding organizations are using Office365, the online productivity suite which is always up-to-date. A further 17% plan to migrate over the next two years.
In addition, 17% are currently using Google’s G Suite.
The report claimed mid-sized firms (100-1,000 employees) are most likely to run Office 2007, with larger organizations usually having more funds to keep up-to-date with the latest software and smaller counterparts having migrated more readily to Office 365.