Cybersecurity: Patch management
Patch management is about keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks. Any software is prone to technical vulnerabilities. Once discovered and shared publicly, these can rapidly be exploited by cyber criminals. Criminal hackers can take advantage of known vulnerabilities in operating systems and third-party applications if they are not properly patched or updated.
Why is patching important?
Prompt patching is essential for effective cybersecurity. When a new patch is released, attackers will quickly identify the underlying vulnerability in the application and release malware to exploit it. If a criminal hacker can successfully attack before the target patches the vulnerability, there is a high risk of a data breach.
According to a Help Net Security report, Microsoft has been aggressively campaigning to get users to stop using Windows XP, and even went as far as offering $100 off the purchase of a new PC via the Microsoft Store in order to sweeten the switch to a newer OS (at the time, Windows 8). But a massive number of devices won't be so easily upgraded: 95% of ATMs were still running on the unsupported Windows XP one month before support for the software was due to expire.
A recent Ponemon Institute survey highlighted the scale of the problem, revealing that almost 60% of breaches suffered by organisations were caused by unpatched vulnerabilities.
The survey also found that organisations that avoided being breached rated their ability to patch vulnerabilities in a timely manner 41% higher than those that had suffered a breach.
How to protect yourself
To keep itself protected, your organisation should routinely ensure that software is:
- Licensed and supported
- Removed from devices when no longer supported
- Patched within 14 days of an update being released in cases where the patch fixes a vulnerability with a severity the vendor describes as ‘critical’ or ‘high risk’.
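The three checks in the list above can be run against a software inventory. The following is an added example, not part of the original page or of the Cyber Essentials scheme; the Item record, its field names and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

PATCH_WINDOW = timedelta(days=14)      # deadline from the list above
URGENT = {"critical", "high risk"}     # vendor severity labels from the list above

@dataclass
class Item:                            # hypothetical inventory record
    host: str
    software: str
    licensed: bool
    supported: bool
    pending_severity: Optional[str] = None   # vendor rating of the unapplied patch
    pending_released: Optional[date] = None  # release date of that patch

def findings(item: Item, today: date) -> list[str]:
    """Return the rules from the list that this item currently breaks."""
    out = []
    if not item.licensed:
        out.append("unlicensed")
    if not item.supported:
        # Unsupported software receives no further patches: removal is the fix.
        out.append("unsupported: remove")
        return out
    if item.pending_released and (item.pending_severity or "").lower() in URGENT:
        age = today - item.pending_released
        if age > PATCH_WINDOW:         # day 14 itself is still inside the window
            out.append(f"patch overdue by {(age - PATCH_WINDOW).days} days")
    return out

def audit(inventory, today):
    """Map (host, software) to its findings, omitting compliant items."""
    report = {}
    for item in inventory:
        problems = findings(item, today)
        if problems:
            report[(item.host, item.software)] = problems
    return report

# Constructed sample inventory: hosts, products and dates are made up.
TODAY = date(2024, 3, 20)
INVENTORY = [
    Item("atm-01", "legacy-os", True, False),
    Item("web-01", "httpd", True, True, "critical", date(2024, 3, 1)),
    Item("web-02", "httpd", True, True, "critical", date(2024, 3, 10)),
    Item("hr-05", "pdf-reader", True, True, "low", date(2024, 1, 5)),
    Item("dev-09", "ide", False, True),
]

if __name__ == "__main__":
    for key, problems in audit(INVENTORY, TODAY).items():
        print(key, problems)
```

Only patches the vendor rates 'critical' or 'high risk' are held to the 14-day deadline here, so the old low-severity patch on hr-05 is not reported.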
Speak to an expert
For more information about the Cyber Essentials Scheme, get in touch with one of our experts today.