Your business couldn't run without its devices, but those self-same devices could be putting your business in danger.
That's Patch 22.
As we add more and more desktops, laptops, tablets and phones to our business networks, it becomes more and more important to ensure each one of them is as secure as possible. After all, any network is only as secure as its least secure device.
And at the very centre of device security is patching.
Patches are small software updates designed to address a specific issue with that software, usually a security or core usability issue.
Patches are the most important type of software update and are not to be confused with other types of updates, such as bug fixes or feature updates, which are not usually as critical to the integrity or security of that software.
Security patches are usually released by hardware or software vendors in direct response to an issue or vulnerability being discovered.
Such vulnerabilities are not always uncovered by hackers, but as soon as a patch is publicly released, it becomes much easier for would-be hackers to discover them. As such, the longer devices are left without a patch being applied, the more exposed they are.
And that's why patching is so important. According to ZDNet.com, 1 in 3 cyber security breaches are caused by unpatched vulnerabilities.
In May 2017 the NHS was hit by the largest cyber attack ever to hit the UK, which has been estimated to have cost the NHS, and with it the UK taxpayer, close to £92 million.
The NHS wasn't a specific target of the attack, but became a victim because it had failed to properly patch devices quickly enough.
Before the attack hit, Microsoft had released a patch that would have prevented the attack, and the NHS trusts that did apply the patches avoided becoming victims. Some devices were even found to still be using the Windows XP operating system, which was out of support by the time of the attack (meaning no new patches would be developed).
This lack of a cohesive approach to something as simple as keeping software up to date has cost them dearly. The Government's own report has estimated the cost of the attack to be £92,000,000.
Since the attack, the NHS has put a lot of work into ensuring such an attack doesn't happen again, and active patch management is central to this strategy.
Patching can be done manually, or by setting devices and software to auto-update where available, but this still has its problems:
Patch management services use software platforms and automation, administered by IT professionals, to apply control to patch management and take out a lot of the hard work too.
A patch management service will help you by:
Patch management helps you to take control of your device estate and ensure it isn't creating vulnerabilities within your business, and in doing so, helps you avoid falling into Patch 22!