Blog

Categories
Cybersecurity - Detection and Response Blog

Top Five IT Security Risks: Lack of Security Patching

The Top Five IT Security Risks of 2017 Threat Two: Lack of Security Patching

Hello readers, This is the continuation of the mini-series The Top Five IT Security Threats of 2017 by Shawn Pate, Senior Technical Advisor. 


Let us continue our journey through The Top Five IT Security Threats of 2017. Last time, we covered the number one threat to IT Security in 2017 – End Users. We will now jump right into threat number two – Negligence in Security Patching.

2017’s Top 5 Threats to IT Security

  1. End Users 
  2. Lack of Security Patching
  3. Lack of Security Software and Hardware
  4. Inadequate Backup Planning and Execution
  5. Stagnate IT Staff

Threat Two: Lack of Security Patching

Why it is a threat

When operating systems and applications are first built, the program will often contain unnoticed security holes that hackers and malicious programs can exploit to gain access to a computer or even an entire network. As these holes are discovered, the program creator will deploy security “patches” to fix them.

But patching is supposed to happen automatically, right? How can this simple issue be one of the top five security threats of 2017?

It’s true that some security patching happens automatically (you’re probably familiar with standard Windows Updates from Microsoft). If you use Windows, you may have seen something like this after restarting your computer:

Update screen Applications pose a more difficult challenge. They can also have security vulnerabilities that require patching, but in some cases the patches for these applications do not install automatically and are commonly overlooked. That creates an easy “window” of opportunity for the bad guys.

Your users may not even be aware of the vulnerability, having disabled or ignored the option to automatically install updates. There may even be forgotten or unused software on the computer that can be exploited. Out of sight, out of mind – hence negligence occurs and vulnerabilities go unresolved.

How to minimize Lack of Security Patching

With the right tools and processes, almost all patching can become routine and automatic, while staying effective. WorkSmart deploys tools that manage Operating System and application patching. Our Back Office team manages the patching tools and process closely to make sure our clients are as secure as possible.

Because it’s fairly automated, no one talks about patching until there’s an issue like the Wannacry outbreak—experts currently believe the ransomware exploited missing system patches instead of the more typical phishing scam to gain control.

Fortunately, our systems protected WorkSmart customers from this attack. 99.4% of the thousands of devices managed by WorkSmart already had the necessary patches prior to the outbreak. The rest were patched within a few hours, and none of our clients have been affected by Wannacry.

Make sure your patching process is thorough by combining the right mix of proactive people, tools, and processes. And if you aren’t sure you are covered; you can always contact us.

Thanks for reading part two of our series. Watch for the continuation:

2017’s Top 5 Threats to IT Security

  1. End Users 
  2. Lack of Security Patching
  3. Lack of Security Software and Hardware
  4. Inadequate Backup Planning and Execution
  5. Stagnate IT Staff

Until next time,

Shawn Pate