The failure to fully apply security updates (patches) to operating systems and software applications is the leading cause of cybersecurity compromise.
A recent survey by Ponemon Institute of over 3,000 organizations, found that half had experienced a cybersecurity breach in the last 2 years, and the majority of these were caused by the exploit of a vulnerability for which a patch was available.
What did the half that had not been compromised do differently? They had patched their environments.
Given that patching is so essential, why don’t more organizations simply patch their environments? It turns out that it is not so simple…
- Patching greatly increases the risk of an outage. The real pain of an actual outage in the “here and now” is felt more acutely than the theoretically larger pain of a security compromise. For this reason, many organizations defer patching indefinitely. See: Will Patching Break My Network?
- Patching of critical systems must occur outside of normal business hours. Many organizations do not staff their IT departments around the clock, yet this is when patching of critical systems must occur.
- Risk is unknown. Many organizations do not scan for unpatched vulnerabilities and do not recognize how exposed they really are. Without hard evidence, it’s difficult to generate the will to act.
Our recommendations? Scan your environment for unpatched vulnerabilities to understand your current level of risk. And do not procrastinate any further! Take action to implement an effective patch management process.
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.