What's the Difference Between Patching and Updates?

Patching vulnerabilities is essential for front-line defense, yet unpatched vulnerabilities remain a leading cause of data breaches. An overwhelming majority of people – including security professionals – tend to put off updating or patching their systems. Survey data suggests that eight out of 10 CISOs and CIOs have postponed a patch simply because it would be inconvenient. Failure to patch is compounded by the fact that system updates are often regarded as “unimportant” by other employees. This could not be further from the truth.

While it is true that all patches are updates, not all updates are patches.

Further, not all vulnerabilities are fully resolved in a single patch; sometimes multiple patches are needed. Patching and performing system updates are both important, but knowing the difference can help you ensure critical vulnerabilities are resolved.

Understanding Updates

Software updates are issued by vendors for a variety of reasons. These can include fixes for performance bugs, new features and other improvements. “Updates” is a broad term that covers a lot of ground. But people don't update their software as much as they should. While many updates contain security fixes, there is no shortage of reasons why people skip out on updating their systems.

To many people, “updates” are just those annoying pop-up windows that appear on their computers or phones. Others have had bad experiences with updates, such as malfunctions or slower processing. These turn-offs can be especially hard to reckon with in an office environment; no one wants to be the guy slowing the business down. That's part of why so many CISOs and CIOs admit to postponing updates. Even when it comes to patching for vulnerabilities, security professionals are often put between a rock and a hard place when other business units don't grasp the importance of cybersecurity.

While you may be able to postpone fixes for performance bugs, patches are another story.

Why Patching Is Important

While general software updates can include lots of different features, patches are updates that address specific vulnerabilities. Vulnerabilities are “holes” or weaknesses in the security of a software program or operating system. Malicious actors can then use code to exploit these vulnerabilities – unless, of course, you patch them. Patches minimize your attack surface and protect your system against attackers.

Even though patching vulnerabilities is vital for good cyber hygiene, far too few organizations take action when necessary. That's why 60 percent of data breaches are traced back to unpatched vulnerabilities. In late May, Microsoft issued multiple warnings about the necessity of patching for BlueKeep, a critical vulnerability discovered earlier in the month. Even the NSA has issued warnings about BlueKeep's potential threat, and yet, experts say not enough people are patching for it. Estimates suggest around a million machines on the public Internet remain vulnerable.

Patching vulnerabilities in a timely manner may be what saves you from a breach. Automated patch management solutions can make the process of patching for vulnerabilities more streamlined – and help ensure that updates are deployed to every device in your network. Maintaining good cyber hygiene practices is essential for minimizing your attack surface and keeping breaches at bay.

