Patch management is about keeping software on computers and network devices up to date and capable of resisting low-level cyber attacks.
Any software is prone to technical vulnerabilities. Once discovered and shared publicly, vulnerabilities can rapidly be exploited by cyber criminals. Hackers can take advantage of known vulnerabilities in operating systems (OS) and third-party applications if they are not properly patched or updated.
According to the May 2014 “Cloud Adoption and Risk Report” by Skyhigh Networks, a significant 18% of companies had at least 1,000 devices running Windows XP that were accessing public Cloud services. Windows XP reached its end of life in April 2014, which means that these devices may have been unpatched and vulnerable, exposing those organisations to risk.
According to a Help Net Security report, Microsoft campaigned aggressively to get users to stop using Windows XP, and even went as far as offering $100 off the purchase of a new PC via the Microsoft Store in order to sweeten the switch to a newer OS (at the time, Windows 8). But there was a massive number of devices that would not be so easily upgraded, as 95% of ATMs were still running on the unsupported Windows XP one month before the software was due to expire.
Are you at risk? The following practices should be avoided:
Using unlicensed and unsupported software, so the organisation is not receiving continuous updates.
Failure to install software updates and security patches in a timely manner.
Failure to remove unsupported software from the computer or network.
In February 2014, Apple rushed the release of iOS 7.0.6 in order to patch a shockingly overlooked SSL encryption issue that had left iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack. Left untreated, this vulnerability would have allowed hackers to intercept and alter communications such as email and login credentials for countless Apple users.
Solutions for Cyber Essentials certification
IT Governance offers three unique solutions that will enable you to achieve certification to either Cyber Essentials or Cyber Essentials Plus cost-effectively and easily.