Patches are software updates: small adjustments to the code, usually released to improve performance or to fix bugs and security gaps in software already installed on computers, IT systems and devices. Software is far from perfect, and glitches and vulnerabilities are readily exploited by hackers, who use them to carry out cyber-attacks, spread viruses, malware and ransomware, and create armies of botnets. Security patches try to repair vulnerabilities in the software, which evolve because no development team could ever anticipate every future cyber-attack.
According to Gartner [1], some 60% of firms were still seeing attacks for vulnerabilities dating back 10 years or more. The WannaCry ransomware attack on the NHS in 2017 demonstrates the extent to which not patching can leave companies vulnerable. It used known vulnerabilities of the NHS software to spread through networks and encrypt data, and despite the availability of a patch, the malware infected hundreds of thousands of computers. Microsoft had created a patch two months before the WannaCry attack started, but many people did not apply it, ultimately resulting in much disruption in the NHS. The hack cost the NHS £20 million in one week.
Many cyber security experts, including Norton [2], see regular patching as the single most important thing you can do to secure your IT. “Security patches are only one element of a robust cybersecurity strategy, but they’re a crucial”.
“If the hack is the poison, the patch is the antidote”, according to Norton, so it needs to be applied as quickly as possible to prevent fatal consequences. But whilst it’s ideal to do it fast, in reality it’s not always that simple, due to time constraints, availability of expertise, complexity of the fix and interdependencies between systems. For systems that need to operate 24/7, patching is not an easy process.
Patches can be released frequently. A report from Microsoft (SIR 2018) estimated that software engineers uncovered up to 6,000 new vulnerabilities each year. Keeping up with patches for frequently targeted systems is no mean feat.
There are patch management automation tools that you can use to close down those loopholes, whether they are remote or on your premises.
Why is it so vital to keep security patches up to date?
Norton guidelines explain that using patches helps to:
- Reduce exposure to cyberattacks: by plugging vulnerabilities before hackers exploit them.
- Avoid lost productivity: downtime is expensive and also has major implications for patient wellbeing.
- Protect your data and your patients’ data: safeguard their information, as there can be severe consequences for non-compliance.
- Protect others on your network: one unpatched system can cause disastrous consequences to an entire network of systems.
It is good practice to ensure that you always back up files regularly.
Or access the Government guide https://www.ncsc.gov.uk/guidance/vulnerability-management
Protect your data, digital assets and reputation with Cyber Liability and Data Insurance.
For further advice, speak to our cyber security expert, Montrose Bill, on 01438 870718 or email
- Gartner Report on Cyber Security 2020 https://info.bitsight.com/the-urgency-to-treat-cybersecurity-as-a-business-decision-ppc
- Norton https://us.norton.com/internetsecurity-how-to-the-importance-of-general-software-updates-and-patches.html#:~:text=Updates%20help%20patch%20security%20flaws,code%20to%20target%20the%20vulnerability
- NCSC.Gov https://www.ncsc.gov.uk/