The German IT security watchdog has issued a warning about a large number of e-commerce Web sites that are infected with malware, and the reason for the infections is simple: the site operators have failed to keep their software up to date.

This, says the privileged identity management and security management specialist, is a classic case of cybercriminals taking advantage of business computer users who have either overlooked the need to update their e-commerce software, or who are simply too busy to keep track of all their applications.

The fact that the e-commerce software at the heart of this problem is open source probably contributes to the failure to patch: unlike most commercial software, it has no vendor to ‘nag’ the operator about updates, so the operator has to track new releases and security advisories themselves.

Of course, users of open source e-commerce software also have the advantage of the money they saved by going down the open source route, so it is a shame that they have not invested some of those savings in tooling that updates their applications automatically or, at the very least, keeps an inventory of the software versions installed and alerts them when patches need to be applied.
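The inventory-and-alert approach described above, as an added example that is not part of the original article and not the code of any e-commerce project. The component names and version numbers are constructed placeholders, not real release histories. The part worth getting right, and where home-grown checks usually go wrong, is the version comparison: a naive string comparison says "2.9" is newer than "2.10" and that "2.3.1-rc2" is newer than "2.3.1".

```python
"""Version-inventory patch check.

Added example, not code from the original article or from any particular
e-commerce project. An operator keeps a small inventory of deployed
components and the newest release they know about; a scheduled run
reports anything that lags behind and exits non-zero so cron or a
monitoring job can raise the alarm.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Constructed placeholders: neither the names nor the versions refer to
# real products or real release histories.
INSTALLED = {
    "webshop": "2.3",
    "payment-plugin": "1.4.2",
    "image-library": "6.7.1-rc2",
    "admin-theme": "0.9.0",
}

LATEST_KNOWN = {
    "webshop": "2.3.1",
    "payment-plugin": "1.4.2",
    "image-library": "6.7.1",
    # deliberately no entry for "admin-theme": nobody tracks it
}

_TOKEN_RE = re.compile(r"\d+|[A-Za-z]+")


def _parse_identifiers(text: str) -> tuple:
    """Split a pre-release suffix such as 'rc2' or 'beta.1' into comparable
    pieces. Numbers compare numerically and sort below words, as in
    semantic versioning."""
    parts = []
    for tok in _TOKEN_RE.findall(text):
        parts.append((0, int(tok)) if tok.isdigit() else (1, tok.lower()))
    return tuple(parts)


def parse_version(text: str) -> tuple:
    """Turn a version string into a tuple that orders correctly.

    Cases a plain string comparison gets wrong:
      '2.10'  > '2.9'        (numeric, not lexicographic)
      '2.3'  == '2.3.0'      (trailing zeros are insignificant)
      '2.3.1' > '2.3.1-rc2'  (a pre-release precedes its final release)
    """
    text = text.strip()
    if text[:1] in ("v", "V"):
        text = text[1:]
    release, _, prerelease = text.partition("-")
    numbers = []
    for piece in release.split("."):
        if not piece.isdigit():
            raise ValueError(f"unparseable version {text!r}")
        numbers.append(int(piece))
    while len(numbers) > 1 and numbers[-1] == 0:
        numbers.pop()
    is_final = 1 if prerelease == "" else 0
    return (tuple(numbers), is_final, _parse_identifiers(prerelease))


@dataclass(frozen=True)
class Finding:
    component: str
    installed: str
    latest: str | None
    status: str  # "outdated", "current", "ahead" or "untracked"


def is_outdated(installed: str, latest: str) -> bool:
    return parse_version(installed) < parse_version(latest)


def check_inventory(installed: dict[str, str],
                    latest_known: dict[str, str]) -> list[Finding]:
    """Classify every installed component against the latest known release."""
    findings = []
    for component, version in sorted(installed.items()):
        latest = latest_known.get(component)
        if latest is None:
            status = "untracked"          # nobody is watching this one
        elif is_outdated(version, latest):
            status = "outdated"
        elif parse_version(version) > parse_version(latest):
            status = "ahead"              # the 'latest' list itself is stale
        else:
            status = "current"
        findings.append(Finding(component, version, latest, status))
    return findings


def needs_alert(findings: Iterable[Finding]) -> bool:
    """Alert on anything outdated, and on components with no tracked upstream."""
    return any(f.status in ("outdated", "untracked") for f in findings)


def format_report(findings: Iterable[Finding]) -> str:
    rows = []
    for f in findings:
        latest = f.latest if f.latest is not None else "?"
        rows.append(f"{f.status:<9} {f.component:<16} "
                    f"installed={f.installed:<10} latest={latest}")
    return "\n".join(rows)


if __name__ == "__main__":
    import sys
    results = check_inventory(INSTALLED, LATEST_KNOWN)
    print(format_report(results))
    sys.exit(1 if needs_alert(results) else 0)
```

Run from cron, the non-zero exit is the alert; the report lists what is behind. Treating an untracked component as alert-worthy is a deliberate choice: a component nobody watches is exactly the kind of software the article describes going unpatched.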

Good IT security is about having the right strategy for managing your computer systems. You can install best-of-breed security software to defend your IT assets, but without an effective planning and review process to back it up, the advantage is quickly lost.

The malware behind the German regulator's warning takes advantage of outdated software of all types, and the end result is that visitors to the affected sites are exposed to drive-by download infections, which can do serious damage to the brand of the company whose Web portal has been compromised.

Word travels quickly about companies that fail to protect the security of their customers and site visitors. Before long, news of an infected e-commerce site has spread far and wide, and sales almost certainly take a nosedive as a direct result.

In the longer term, the reputational damage arising from a site infection can cost a company dearly and can even affect its share price, all from a failure to keep the business's software up to date.

You might think the moral of the story is to choose commercial software over open source, but the reality is that unless a company keeps its systems and software patched and fully up to date, its security will be impaired no matter what software it runs.

With the newswires talking about as many as eight million infected Web pages arising from the osCommerce failure-to-patch saga, this is a potentially major problem that could easily have been prevented. The message is clear: patch, update, and patch again in order to maintain an optimal security posture.