This article I read was about the Nevada Department of Corrections. They were audited a couple weeks backs and auditors found that they were not updating their system’s security. It was found that over 211 desktop systems there had not had system upgrades in months and one prison indicated that the equipment there had not been upgraded since 2010.
This is a fairly long time, though it seems that a majority of companies have not been updating their systems, leaving vulnerabilities open for hackers to exploit. The state put in standards for virus protection on their computers and some boxes didn’t even meet this standard.
The auditors say that the department needs more controls to make sure that things such as sensitive information stored in photocopiers are erased. Luckily since this audit, they have been working on correcting the problems in their systems.