Security Vulnerabilities: How to Avoid Patching Perils

With all of the buzz about data breaches and hackers infiltrating systems, we can become desensitized to the amount of information and recommendations being thrown at us, especially if our budgets don't allow for the latest “high tech” tools to protect our systems and data.

Articles published January 31, 2018 by Vicky McKim, MBCP, MBCI

IT Avoid Patching Perils

With all of the buzz about data breaches and hackers infiltrating systems, we can become desensitized to the amount of information and recommendations being thrown at us, especially if our budgets don’t allow for the latest “high tech” tools to protect our systems and data. If you happen to fall into this category, you have a few options. 

One is training employees to watch for social engineering attempts and to be vigilant to scrutinize requests for information to prevent phishing attempts from being successful.

Another option, that is frequently overlooked or not managed consistently, is patching. 

Recently, the Intel security vulnerabilities, now known as Meltdown and Spectre, have been making headlines. These flaws are found in most of Intel’s microprocessors (or chips) in computers and mobile devices, and enables hackers to access sensitive data from computers when they open and use certain programs. If you have a device that uses chips from Intel, AMD, or ARM, there are vulnerabilities. To prevent hackers from attacking your affected devices, it’s best to install the appropriate patches as they become available. Here’s why.  

The Importance of Patching

In the past, Europe has had its struggles with routers being used to take down internet and voice. Another well-known U.S. voice service provider had their routers used by hackers to access networks by bypassing firewalls intended to protect systems. The well-known Equifax breach that impacted millions of customers in 2017 could’ve easily been prevented. In all cases, the patching was not up to date and the vulnerability was easily used to bring down networks or compromise systems. We all know the issues software platform providers have as they struggle to keep patching current against the latest malware.

For companies that have hundreds, or even thousands, of end points, patching is an obvious challenge. However, it’s also burdensome for smaller companies. Regardless of your size, it’s imperative to find ways to consistently patch routers, switches, operating systems, software, and servers with the most current releases to preserve the integrity of the network and prevent hostile network takeovers.  

A Simple Solution

So, here is a simple solution: Make it a priority to apply the latest recommended patches to your products as soon as possible after they are released to the public. Apply them in a test environment first and have a roll back plan if the patch causes major issues with your customized configurations. Work with your vendors to make sure their equipment on your premises is up to date, as well. Make sure your business partners are doing the same. Lastly, you could consider patch management as a service to remove the internal burden of managing and applying patches and updates. Closing this vulnerability is a simple way to reduce your network and data risk exposure.

Learn more about Aureon’s managed IT services.

What is your plan for patch management?

It’s pretty clear to the average business owner – or consumer – that hacking innovation is on the rise.

  • 2015 CNN Money report claimed nearly one million malware threats are released each day.
  • A January 2016 Wired magazine article outlined a number of trends in cyber intrusions, including extortion hacks, Chip-and-PIN innovations and methods to change and manipulate data.
  • According to a Security magazine report, McAfee Labs researchers saw more than four million samples of ransomware in the second quarter of 2015, including 1.2 million that were new. And that number is growing.
  • Truth and Power documentary on Pivot television network reported that in January, drug traffickers hacked the GPS of U.S. Border Patrol drones to make it possible for them to cross the border with Mexico illegally and avoid surveillance.

IT Enhancing Security White Paper  

About The Author

Vicky McKim, MBCP, MBCI

Vicky McKim is 1 of 125 professionals internationally to hold her level of certification.  She is a Certified Risk Management Professional, holds a Master Business Continuity Professional Certification and is an Associate Fellow of the Business Continuity Institute. Vicky has 30 years o ... read more

See more by this author