If your OS patch security is not current with known vulnerabilities, you are nearly three times (3X) as likely to experience a breach that could adversely impact your entire network. To see the damage that can be done, you don’t have to look back any further than the WannaCry attack that hit our collective consciousness on May 12, 2017, and affected more than 300,000 endpoints in more than 150 countries.
Microsoft had released a patch for this security vulnerability months before, yet it still impacted hospitals, schools, telecoms, and banks, among other infrastructure providers. The techniques employed by WannaCry are not new, they follow the same pattern as past attacks, exploiting known vulnerabilities because patches are either ignored or aren’t deployed for months. The silver lining from this attack is a renewed emphasis on patch security.
The lack of patch security is not a new phenomenon, in fact it’s been an ongoing dirty little secret for years. The challenge is that as technology evolves, so does expectations of the IT department. Unfortunately, no CEO is specifically asking about patching status. Instead they want to know the company is secure against attacks without getting into the details. Thus, it’s up to IT to figure it out and provide confidence to the executive team that the technology “house of cards” won’t come tumbling down.
The difficulty lies in the fact that it’s not just security that IT has to worry about. They are also being tasked with:
- Improving customer experience
- Digital transformation initiatives
- Implementing new IT practices (containers, devops, bimodal, mobile, etc…)
- Moving to a cloud infrastructure
- Addressing a widening skills shortages
With this amount of work to manage, it’s no surprise that patch security is not at the top of anyone’s list. And it shouldn’t be. Security patching is one of the core IT functions that should be automated. Technology has made patch automation for more efficient, requiring only basic management oversight to ensure workflows are running properly and systems are current with new (and old) patches against vulnerabilities.
With the number of cyber attacks continuing to increase, Brad Smith, President and Chief Legal Officer at Microsoft stated, “as cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”
A recent study explored the link between outdated systems and data breaches. They found that 6% of companies had more than 50% of their workstations running out of date operating systems, and 24% had more than half of their workstations running out of date browsers. This correlated with a 3X and 2X increase in data breaches accordingly.
The time required to apply patch updates was also found to be an issue. More than 40% of Apple devices had not been updated to Sierra more than two months after its release. And almost 50% of Windows devices were still running Windows 7, while 20% were still running Windows XP and Vista, neither of which are supported by Microsoft anymore.
Automox was designed with exactly these problems in mind. We want IT to be able to focus on the initiatives that drive innovation. That’s why we’ve automated the patching process, including remediation, with a simple yet powerful cloud based platform that reduces the amount of time and resources required to stay current against vulnerabilities by 90%. And it works with every OS (Windows, Mac, and Linux) as well as 3rd party software, one solution for patch security.
To learn more, you can visit our website. Or if you’re interested in seeing how it works first hand, request a demo. And if you’re ready to try it out, you can start with a 15 day free trial that provides full access to all of the features in our platform.