To patch or not to patch? And what is patching anyway?

If you own a computer, it is very likely you know something about patching, or updating, software. Patching is different from upgrading, which usually means the developer of the software has added new features or made significant changes to the application.

Essentially, the term patch comes from the idea of closing a weakness, or hole, in software that allows an attacker to take actions they should not. These holes are discovered either by an outsider or by the developer of the software. The patch is designed to modify the application in order to close the hole (otherwise known as a vulnerability) or to fix bugs and/or errors.

Why do we care about closing these vulnerabilities? We care because software vulnerabilities are a leading attack vector, and yet one of the simplest to secure. According to a recent study by Fortinet, 90% of attacks leveraged vulnerabilities that were known for three or more years, and 60% for 10 years. Verizon’s 2018 Data Breach Investigations Report reported that 99.9% of exploited vulnerabilities were known for more than one year before an attack. It is essential to close these vulnerabilities at home, as well as in your business.

Many individuals and organizations do a very poor job of keeping up on patching and, as a result, leave themselves exposed. I can speak from experience, as we at Alvaka Networks patch thousands of servers and desktops for corporations every month. While the application of patches is straightforward, if delayed, done poorly, or done without proper consideration of backup, application corruption, post-patch testing and other issues, serious damage and business interruption can occur.

So, get to work closing those gateways to malware and hackers…PATCH, PATCH, PATCH!!!

 

Kevin McDonald, COO & CISO – Alvaka Networks

Kevin B. McDonald is the chief operating officer and chief information security officer at Alvaka Networks. Kevin is a trusted technology and security practitioner and public policy advisor to some of America’s most influential people and organizations. He advises corporate executives, federal and state legislators, law enforcement, high net worth individuals and other business leaders. He is a sought-after consultant, writer, presenter and trainer on the issues surrounding personal, physical and cyber security, compliance and advanced technology. Kevin has written for and been interviewed by dozens of national publications and on major television, radio and digital outlets.

Chairman, Orange County Sheriff/Coroner’s Technology Advisory Council (T.A.C)
Member, OC Shield
Member, FBI InfraGard
Member, O.C. Homeland Security Advisory Council (OCHSAC)
Member, US Secret Service’s LA Electronic Crimes Task Force (LAECTF)

2018-10-18T11:02:00+00:00