Strategy | Security | 3 min read

In Defense of Patching

Written by Nick Bambulas
11/04/2020

Patching may not seem as exciting as other cybersecurity tools like advanced endpoint detection or SIEM (security information and event management). But it plays an essential part in your network security.

Why is Patching Important?

It helps protect your data. Stealing valuable data is the end goal of most cyberattacks. Your employees and customers trust you to keep their personal information secure and private. Patching closes some of the doors hackers use to infiltrate your data.

Patching plugs cybersecurity holes. Security vulnerabilities are like a welcome mat for attackers. While you may not be able to predict or prepare for every cyberattack on the planet, making sure patches are installed and monitored for compliance is an effective way to reduce the risk associated with cyberattacks that exploit unpatched systems.

It helps you avoid downtime. A cyberattack can bring your entire network to its knees. All that lost productivity can cost you a fortune. Patching helps prevent a wide variety of damaging hacks.

It protects others on your network. Once a cyberattack worms its way into a computer on your network, it doesn’t take long for it to spread to every corner. Just one unpatched workstation or app can hurt your entire company. But properly patched operating systems and software stop attacks from gaining a foothold in your organization.

Don’t Become a Victim of Unpatched Systems

These organizations learned the hard way that patching isn’t something to push off onto the back burner.

WannaCry: The UK’s National Health Service (NHS) got hit hard by this ransomware in 2017. Thousands of operations and appointments had to be cancelled. Some healthcare facilities were unable to treat patients. Yet two months before the WannaCry attacks even began, Microsoft had released a patch to fix the targeted vulnerability in the Windows OS. As a relatively unsophisticated attack, WannaCry could have easily been prevented by applying the patch.

Equifax: Who could forget this headline-grabbing breach in 2017? 143 million data records were compromised, all thanks to an Apache vulnerability on their web server. The flaw was discovered and a patch made available more than two months before the breach occurred.

British Airways: In 2018, British Airways suffered a data breach that impacted nearly 400,000 booking transactions. By not properly securing their web app components, BA fell prey to a cross-site scripting attack that took advantage of vulnerabilities in their website.

These are all instances of successful cyberattacks on unpatched systems. They also have something else in common: they could have been avoided by updating and patching their software.

A Patch Management Program Can Help

Tens of thousands of new software vulnerabilities are discovered every year. That adds up to a lot of patches. In addition, best practice says to implement critical patches within 30 days of release and non-critical patches within 90 days.

Keeping track of new patches and ensuring all necessary patches are applied in a timely manner can be its own full-time job. Unless you have a large in-house IT staff, there’s probably not enough manpower to oversee all that patching.

That’s where a managed IT provider like Elevity can help. We can monitor your software and systems and apply patches quickly throughout your organization as part of a comprehensive patch management system.

A patch management program analyzes the software and systems you’re using to determine whether patches or updates are available. It downloads any patches in the background. Then they can be installed at a specified time that won’t interrupt work schedules. Additionally, reporting is available to easily identify systems that are not current and require attention to maintain organizational and compliance policies.
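The reporting step described above can be sketched as a small compliance check that applies the 30-day and 90-day windows mentioned earlier. This is an added example, not Elevity's tooling; the inventory format, host names and patch IDs are constructed for illustration.

```python
from datetime import date

# Remediation windows stated in the article: critical 30 days, non-critical 90 days.
SLA_DAYS = {"critical": 30, "non-critical": 90}

# Constructed sample inventory; host names and patch IDs are hypothetical.
# installed=None means the patch is still missing on that host.
INVENTORY = [
    ("ws-014",    "PATCH-A", "critical",     date(2020, 9, 8),   date(2020, 9, 20)),
    ("srv-db01",  "PATCH-A", "critical",     date(2020, 9, 8),   None),
    ("srv-web02", "PATCH-B", "non-critical", date(2020, 7, 14),  None),
    ("ws-022",    "PATCH-C", "critical",     date(2020, 10, 13), None),
    ("ws-031",    "PATCH-B", "non-critical", date(2020, 7, 14),  date(2020, 10, 30)),
]

def patch_status(severity, released, installed, today):
    """Classify one host/patch pair and return (status, days past the window)."""
    # An unrecognised severity gets the strictest window rather than a free pass.
    limit = SLA_DAYS.get(severity, min(SLA_DAYS.values()))
    # Age runs to the install date if patched, otherwise to the report date.
    over = ((installed or today) - released).days - limit
    if installed is None:
        return ("overdue" if over > 0 else "pending"), over
    return ("late" if over > 0 else "compliant"), over

def compliance_report(inventory, today):
    """Return (hosts needing attention, worst first; percent within policy)."""
    attention, within_policy = [], 0
    for host, patch, severity, released, installed in inventory:
        status, over = patch_status(severity, released, installed, today)
        if status == "overdue":
            attention.append((host, patch, severity, over))
        elif status != "late":
            within_policy += 1
    # Critical patches first, then by how far past the window they are.
    attention.sort(key=lambda r: (r[2] != "critical", -r[3]))
    rate = round(100 * within_policy / len(inventory), 1) if inventory else 100.0
    return attention, rate

if __name__ == "__main__":
    overdue, rate = compliance_report(INVENTORY, today=date(2020, 11, 4))
    print(f"within policy: {rate}%")
    for host, patch, severity, over in overdue:
        print(f"{host}: {patch} ({severity}) is {over} days past its window")
```

Patches installed after their window closed are reported as "late" and counted against the compliance rate, but they do not appear in the attention list because the host is now current.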

Patching is a Team Effort

Just like cybersecurity as a whole, patching and updating isn’t just IT’s responsibility. Everyone needs to do their part by applying updates as soon as they’re released.

Many of us are working from home, using multiple personal and corporate devices during the day for work, school, or entertainment. If any of your devices are using outdated systems or software, you jeopardize the safety of not only your home network, but your entire organization’s network.

Encourage your employees to keep their software and apps up-to-date. Turning on automatic updates can help, but it’s also a good idea to periodically scan for any new patches. Educate your users on the importance of applying new updates immediately.

 

A multi-layered approach to cybersecurity risk management is critical to successful IT operations for any organization. If you're concerned about your IT systems and want to discuss patching and an overall cybersecurity plan, let’s talk.
