When managing an IT estate, many people place a greater emphasis on external threats. However, the patch update health of your IT ecosystem could perhaps be one of your greatest IT security threats.
ZDNet have outlined industry thinking on creating a strong yet holistic approach to patch update management. A patch fixes a fault in a software system, and companies like Microsoft do need to get better.
Hackers use these ‘flaws’ to create malware that threatens IT security within organisations. The malware they deploy targets the very flaws that software companies are constantly trying to patch. This is how WannaCry was able to exploit the EternalBlue vulnerability in Windows XP. This brought down the NHS and organisations across the world. Microsoft has to create emergency patches outside of its routine Patch Tuesday.
However, IT experts have argued that there are other risks that impact patch management cycles. For example, some issues need patching instantly. Others, however, need a more robust assessment, and the patching needs to be done in a way that avoids organisational disruption. Updates can cause IT problems due to fragmented system deployments.
Other problems arise with legacy systems that some companies ‘fear’ updating. Tech leaders have stated that they’ve seen companies with critical legacy systems that they do not patch because they fear repercussions and being unable to get tech support due to the systems’ legacy status.
At the end of the day, you need to have a conversation with your IT team, IT leadership and wider community to help drive the right attitude, the right update process and the right legacy lifecycle approach to help give you that ‘edge’ when undertaking patch management.