Table Stakes for Cybersecurity: Patch and Patch Again

Dateline: December 22, 2017

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

Keeping with our focus on cybersecurity, this week we look at the very basic issue of keeping our systems secure.  We trust our tech leaders to do what is needed, but more often than not, it’s the basic blocking and tackling that gets skipped and opens our organizations up to vulnerabilities.  Recently, at article published by Security Management (a publication of ASIS International), reminds us how important this basic tactic is. Megan Gates, associate editor of Security Management, published the article Held Hostage.  She suggests:

Regularly patching systems is critically important, as shown with the WannaCry ransomware attack, but it is something many organizations continue to struggle with, [Eldon Sprickerhoff, founder and chief security strategist at cybersecurity firm eSentire,] says.

“It’s a sad sort of situation—it isn’t sexy. Nobody brags about how awesome their patch rigor is,” he adds. “It’s not very interesting, but it is so necessary.”

One reason that companies struggle with staying up to date on patching is that it’s impossible to be proactive. A company’s IT team has to wait for a vendor, such as Microsoft, to release a patch to fix a vulnerability in its system. The team then has to test the patch to ensure that it doesn’t disable other features in the system, and then it has to be installed.

“And it’s a monthly occurrence where Microsoft has Patch Tuesday,” Sprickerhoff says. “They release some big patch bundle and you have to do it all over again, every month. Rinse, repeat. And so a lot of people say ‘I’m going to do it once a quarter unless things are really crazy and I feel like I need to do this.'”

How does your organization rate on keeping up with patching? How do you make sure your organization keeps up with  basic blocking and tackling?

That’s a WRAP!  Have a wonderful holiday season!

Speak Your Mind