Are your business devices fully up-to-date and secure?
Your business couldn’t run without its devices, but those self-same devices could be putting your business in danger.
That’s Patch 22.
As we add more and more desktops, laptops, tablets and phones to our business networks, it becomes more and more important to ensure each one of them is as secure as possible. After all, any network is only as secure as it’s least secure device.
And at the very centre of device security is patching.
What is patching?
Patches are small software updates designed to specifically address a specific issue with that software, usually a security or core usability issue.
Patches are the most important type of software update and not to confused with other types of updates, such as bug fixes or feature updates, which are not usually as critical to the integrity or security of that software.
Why is patching important?
Security patches are usually released by hardware or software vendors in direct response to an issue or vulnerability being discovered.
Such vulnerabilities are not always uncovered by hackers, but as soon as a patch is publicly released, it becomes much easier for would-be-hackers to discover them. As such, the longer devices are left without a patch being applied, the more exposed they are.
And that’s why patching is so important. According to ZDnet.com, 1 in 3 cyber security breaches are caused by unpatched vulnerabilites.
Patching and the NHS hack.
In May 2017 the NHS was hit by the largest cyber attack ever to hit the UK, which has been estimated to have cost the NHS, and with it the UK taxpayer, close to £92 million.
The NHS wasn’t a specific target of the attack, but became a victim because it had failed to properly patch devices quickly enough.
Before the attack hit Microsoft had released a patch that would have prevented the attack, and the NHS trusts that did apply the patches avoided becoming victims. Some devices were even found to still be using Windows XP operating system which was out-of-support by the time of the attack (meaning no new patches would be developed).
This lack of a cohesive approach to something as simple as keeping software up to date has cost them dearly. The Government’s own report has estimated the cost of the attack to be £92,000,000.
What is patch management?
Since the attack the NHS has put a lot of work into ensuring such an attack doesn’t happen again, and active patch management is central to this strategy.
Patching can be done manually, or by setting devices and software to auto-update where available, but this still has its problems:
- Patches can take a while to apply, which can mean downtime for the worker and a thankless, repetitive task for the person doing it.
- Knowing which devices and software to patch can be difficult without very thorough, up-to-date records.
- Being aware of what new patches are available can be a lot of hard work in itself.
- Patches can break other things. Critical security fixes can’t always be thoroughly tested before they are released. Imagine patching every device in your business only to find out you then have to undo every patch
Patch management services use software platforms and automation, administered by IT professionals, to apply control to patch management and take out a lot of the hard work too.
A patch management service will help you by:
- Allowing patches to applied centrally and across all devices
- Scheduling patches to be applied outside core work hours.
- Triaging and testing patches before application
- Enabling single-click roll back in case patches do cause issues.
- Prioritise patches based on security urgency.
- Allow you to view your whole device estate, their specification, software and patch status, at a glance.
Patch management helps you to take control of your device estate and ensure it isn’t creating vulnerabilities within your business, and in doing so, help you avoid falling into Patch 22!
We can help:
Patch management is included in Total Care IT, alongside IT support and cyber security software.
I now understand…
- What patching is.
- What can happen if patches aren’t properly applied
- What patch management is and how it helps make my business more secure.
Alex & Jordan provided the usual exceptional service that One2Call have always provided. Thanks, one and all.
Paul D, AJ Marshall
Can contact support quickly, & visiting engineers communicative & polite/friendly.
Very efficient and clean up after job. Very competitive prices.