The Verizon Data Breach Investigations Report of 2019 analysed 41,686 security incidents, including 2,013 confirmed data breaches, and reported that 43% of cyber attacks were performed on small businesses.

In Verizon’s words: “Every time a vulnerability is disclosed or a system update or patch is released, a hacker sees an opportunity.”

Slow patchers = happy hackers

Cyber criminals do their research and then make confident attacks. When a patch is released, they work out what the vulnerability is by using software to compare the existing software with the patch. They then act quickly to create malware to exploit the vulnerability, and catch the organisations and individuals who are slow to implement the patch. This can be done in minutes by adapting existing malware by even the most novice hackers.

Forbes recently reported that within the past three weeks Google released five potentially dangerous vulnerabilities, including two zero-day, in the Chrome web browser: “Some people are slow to update their browsers, which leaves an attack window open for days, weeks, or even longer in some cases.” Following the release the USA’s Cybersecurity and Infrastructure Security Agency (CISA) warned around 2 billion browser users about the security flaw that affects Windows, Mac and Linux systems.

What patches do directly:

• Fix security vulnerabilities
• Improve the performance of an application or operating system
• Address a bug or software error
• Reduce your exposure window for cyber attacks

What patches do indirectly:

• Avoid loss of productivity
• Protect your data
• Protect your customers’ data
• Protect others on your network
• Contribute towards data compliance

Patching is part of the lifecycle management of your IT system, and by doing it you’re protecting your devices against malware and other cyber threats, while keeping them stable and running optimally. You’re also taking steps towards the safety aspect of your continuing data compliance. 

Operating systems need to be patched as quickly as possible, and so do third party applications, office applications and tailor-made applications. It can become an onerous task, considering that each application may issue several patches per month, and that Microsoft alone puts out thousands of vulnerability patches every year.  

The Ponemon Institute, a private research organisation, reports in the Costs and Consequences of Gaps in Vulnerability Response that more than 70% of organisations who suffered a data breach in 2019, weren’t patched with latest updates. This wasn’t because they didn’t bother to install necessary patches but because they simply weren’t fast enough to, or didn’t have the manpower to keep up with the task. 

How can I keep up with patching? 

If like most of us you’re running many applications at once, it can become a fulltime job keeping up with patches and implementing them quickly. It’s becoming easier with the rise of “software as a service” options that automatically scan your applications and operating system for missing patches and known vulnerabilities. Otherwise it’s a matter of being vigilant about doing the job manually.  

What patch management software as a service does 

Patch management software tools can reduce your risk and strengthen your devices’ security by auditing, monitoring and prioritising updates to apps and operating systems so that patches will be executed as soon as they’re available, and to all devices.  
 

Cyber security leaders say patch management should be treated as a risk management exercise under your cyber security strategy. Patching is by no means all you need, but it is a valuable element of a robust cyber security plan. 
 

Chat to us about patch management software as part of your cyber security strategy.