[BreachExchange] How Poor Patch Management Can Lead To Cyber Security Risk?

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jun 14 20:59:37 EDT 2018


https://channels.theinnovationenterprise.com/articles/how-poor-patch-management-can-lead-to-cyber-security-risk


A global ransomware attack affected systems in over 150 countries and
hundreds of organizations in the second quarter of 2017. This was the effect
of poor patch management.

Inadequate patch management can leave loopholes in the IT infrastructure,
leading to cyber attacks. The top security-related challenges that
companies face today are:

- The absence of proper coordination between the security measures taken by
  the operations department and the IT department.
- Inability to keep up with regulatory standards.
- Failure to develop a secured automated security channel.
- Inability to protect systems from malware, DDoS attacks, and hacktivism.
- Failure to upgrade existing software and applications to improve the
  security of the systems.

What is patch management?

Patch management is the practice of upgrading existing software
applications to remove security weaknesses that could be exploited by
hackers. Patch management is not an easy practice, and most of the time
organizations opt for patch management only after their systems are attacked.
A better approach is to opt for patch management while the existing
infrastructure is still strong enough to ward off cyber attacks.

Patch management best practices

The traditional sandbox approach is not enough to detect attacks and fix
the weaknesses they exploit. Here are some best practices to follow to keep
your corporate environment secure:

1- Opt for automated patch management

Most attacks happen due to vulnerabilities in the existing
patches. Software patch management lets you upgrade your existing patches
and keeps your systems secure. With the help of automated patching, you can
repair existing system vulnerabilities in real time, which drastically
reduces the risk of cyber attacks.

2- Patch management should be a priority

Cultivating a strong patch management practice is extremely necessary. Many
organizations neglect the need for effective patch management, which
results in compromised systems and leads to cyber attacks.

Hence, effective patch management should always be a priority and resources
that are used regularly should be allocated for the task.

3- Have support for heterogeneous OS platforms

Windows is no longer the only operating system used by companies. In fact,
a majority of companies now use Mac as their preferred operating system,
which is less prone to malware attacks.

Hence, for effective patch management, it is necessary to have support for
heterogeneous OS platforms like Windows, Mac, Linux, Android etc.

4- Perform application patching

There is a mistaken belief that only the OS is prone to attacks. In fact,
more than 80% of attacks happen on applications installed on the OS. Hence,
proper patching of third-party applications is extremely necessary to ward
off cyber attacks.

For effective application patch management, you need to perform it every
week covering each of the applications. You can set your schedule depending
on your company requirements but make sure to keep it regular.

Conclusion

Standard protection measures might not provide ample security due to the
rising cases of malware attacks. Proper patch management is absolutely
necessary to combat various forms of cyber attacks. Make use of the above
best practices to properly implement patch management into your IT
infrastructure.
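
As an added example (not part of the original article), the weekly
application-patching schedule from point 4 can be checked across the mixed OS
platforms from point 3 with a small audit. The inventory format, host names,
application names and dates are constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

PATCH_INTERVAL = timedelta(days=7)  # the weekly cadence suggested in point 4

# Constructed sample inventory (hypothetical hosts and dates): one row per
# installed application; last_patched is None when no patch run was recorded.
INVENTORY = [
    {"host": "ws-01", "os": "Windows", "app": "browser", "last_patched": date(2018, 6, 12)},
    {"host": "ws-01", "os": "Windows", "app": "pdf-reader", "last_patched": date(2018, 5, 2)},
    {"host": "mb-07", "os": "Mac", "app": "browser", "last_patched": date(2018, 6, 9)},
    {"host": "mb-07", "os": "Mac", "app": "office-suite", "last_patched": None},
    {"host": "srv-3", "os": "Linux", "app": "web-server", "last_patched": date(2018, 6, 1)},
    {"host": "ph-22", "os": "Android", "app": "mail-client", "last_patched": date(2018, 6, 14)},
]

def audit(inventory, today, interval=PATCH_INTERVAL):
    """Return (overdue, coverage): overdue rows sorted worst-first, and
    per-OS counts of applications inside and outside the patch window."""
    overdue = []
    coverage = defaultdict(lambda: {"current": 0, "overdue": 0})
    for row in inventory:
        last = row["last_patched"]
        # A missing record is treated as overdue: an application the patch
        # process never touched is a coverage gap, not a pass.
        age = None if last is None else (today - last).days
        if age is None or age > interval.days:
            overdue.append({**row, "age_days": age})
            coverage[row["os"]]["overdue"] += 1
        else:
            coverage[row["os"]]["current"] += 1
    # Never-patched applications first, then the oldest patch date first.
    overdue.sort(key=lambda r: (r["age_days"] is not None, -(r["age_days"] or 0)))
    return overdue, dict(coverage)

if __name__ == "__main__":
    overdue, coverage = audit(INVENTORY, today=date(2018, 6, 14))
    for r in overdue:
        age = "never patched" if r["age_days"] is None else f"{r['age_days']} days"
        print(f"{r['os']:8} {r['host']:6} {r['app']:12} {age}")
    for os_name, counts in sorted(coverage.items()):
        print(os_name, counts)
```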