Why is patching software important for security?

Keeping software up to date with the latest security patches is essential for businesses, given how rampant cyberthreats are today in our hybrid working paradigm.

"Patching remains the single most important thing you can do to secure your technology", according to the National Cyber Security Centre (NCSC). It ensures that all your software is up to date and known vulnerabilities have been remediated. Here's why patching is so important:

1. Close vulnerabilities before attackers can exploit them

Vulnerabilities in technology are always being discovered, and in response vendors regularly issue security updates to plug the gaps. Once these vulnerabilities are disclosed to the public, any attacker looking to hack into your company has access to the same information. Applying these updates, known as patching, closes vulnerabilities before attackers can exploit them.

2. Ensure regulatory compliance

Patch management is commonly required by security frameworks or standards, such as CIS Critical Security Controls for Effective Cyber Defense, ISO 27001 Annex A, PCI DSS, or NIST Cyber Security Framework.

Companies in the financial sector also need to comply with CSSF Circular 17/655, which requires banks and investment firms to strengthen their controls in the field of patch management.

3. Get the most from your IT

Beyond security, patching ensures you get the most from your IT. It can fix bugs, add new features, increase stability, and improve the user experience.

4. Minimize downtime

Patching could have avoided the world’s largest ransomware attack in history. The 2017 WannaCrypto (WannaCry) ransomware attack disrupted more than a third of NHS trusts in the UK and spread to 150 countries, ransacking 200,000 computers and causing worldwide damage estimated at hundreds of millions to billions of dollars.

Locked out of systems by the file-encrypting malware, many NHS bodies had to use pen and paper and cancel thousands of operations and appointments.

Microsoft released a patch one month before the WannaCry attack which, if implemented in time, would have mitigated the attack. What is worse, unpatched computers were targeted again in the 2017 NotPetya cyberattacks through the same vulnerability.

All in all, 57% of data breaches are attributed to poor patch management, according to Ponemon.