Whenever a vendor makes improvements or includes new capabilities on a previously-released platform, it comes with a software update.
Vulnerabilities and the consequences of late patching
Exploiting known weaknesses is a top strategy leveraged by hackers. Therefore, organisations must be sure to apply and deploy patches as quickly as possible after they are released by hardware and software vendors. This significantly reduces the chances that these known weaknesses or issues could be used against the business within an infiltration or cybersecurity attack.
How to overcome patch management struggles
One 2015 study found that some organisations don’t put updates in place until as many as 100 days after patches are released. Thankfully, this attitude has changed a bit in the wake of vulnerabilities like WannaCry and Petya.
Here are four key best practices to consider implementing within enterprise patch management processes:
- Awareness and automation: While impacts from WannaCry and similar attacks certainly send a message, one of the first steps in improving an updating strategy is to ensure awareness of the importance of timely patches. A 2017 study from Forbes and BMC found that businesses are becoming more dedicated to this, and are increasing their investment in automated patching solutions to help. Overall, 43 percent of executives said they’re working with their IT team to make patching a more critical priority.
- Avoid ad hoc patching: While ad hoc patching may take place in certain instances, using this as a regular strategy can become a serious issue for today’s businesses. It’s important that executives and IT leaders work to avoid ad hoc patching, and utilise a more holistic approach and regular schedule to ensure that updates are applied as soon as possible to affected hardware and software.
- Prioritize appropriately: Timeliness is one of the biggest challenges of patch management – sometimes, it simply isn’t feasible to apply a patch the same day (or even week) that it’s released. Other IT initiatives and important projects may not leave enough time to devote to these pursuits. As TechRepublic contributor Mary Shacklett noted, certain patches, like those strictly for performance improvements and other non-critical bugs, can be put off. But updates related to security vulnerabilities should always be prioritised and applied as quickly as possible.
- Test patches after installation: Once a patch is in place, however, the IT team’s work isn’t completed just yet. It’s imperative that IT admins test patches after they’ve been installed to fully ensure that they work appropriately and that weaknesses have been addressed.
Credit source: https://blog.trendmicro.com/the-patching-problem-best-practices-for-maintaining-up-to-date-systems/?utm_source=GoSocial%20Trend%20Micro&utm_medium=Trend+Micro&utm_campaign=GoSocial%20Trend%20Micro
Contact firstname.lastname@example.org to learn more today.