Following on from yesterdays article about using obsolete kit – almost as bad is using kit that has not been patched. There is a good reason that many of my articles here on Smart Thinking are about patches and updates, it is the most powerful cyber security step you can take, that is within your control. You have to wait for the vendors to release the patches but then it is up to you.
Software is complex and although tested, flaws slip through. Vendor patches are therefore important if you do not want threat actors to exploit your systems.
Microsoft is one of the top target for hackers when it comes to searching out vulnerabilities. We live in a Microsoft world and their enormous software and infrastructure empire makes for a rich target. If you run or interact with any Microsoft product you have to take Microsoft Patch Tuesday and any Microsoft Out-Of-Band (OOB) patches seriously.
Patch Tuesday is next week – I’ll post a reminder here for you.
We have software available that allows us to monitor whether patches have been applied to all of your teams computers. It makes it easier to check that those cyber security holes have been closed.
Are there people that do not patch?
Yes, and some of those people run serious networks and systems!
Have a read of Jessica Lyons Hardcastle’s article over on The Register if you need more convincing of the importance of patching and not patching.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
The wrong way to manage security patches…
The Zero-day Threat – What is it?