It might seem plausible for IT managers to believe 2019 was a particularly bad year for patch management issues, thinking perhaps they’ll finally be able to focus on other “more important” security issues in 2020 and beyond, but that is not at all realistic.
In fact, as both employers and employees alike find new ways to harness technologies that help to increase productivity and grow their business, the expansion of new hardware and software options will continue to explode. Of course, along with each new application and device there are invariably imperfections that must be patched. The sooner a business comes to terms with the fact that having a comprehensive patch management system is the price they’ll have to pay to take advantage of new technologies, the sooner their corporate data will become safer and more secure.
Is Patch Management Really That Important?
Many people think the majority of security issues arise from a cyber criminal stealthily creeping through their personal information looking for passwords or social security numbers. In reality, the majority of data breaches (57%) occur from vulnerabilities due to poor patch management practices. Considering the explosion in applications, smart devices, operating system versions, etc., it’s no wonder companies feel overwhelmed and unable to patch security holes fast enough to keep up with all the threats.
A recent survey of 3,000 cyber professionals across the globe, reported 48% experienced a security breach within the past 2 years, with poor patching processes as one of the main reasons for the attacks.
Things to Look For in a Strategic PM Solution
With these sobering statistics, it becomes much easier to see that poor patch management is a serious issue within the business community. The fact that poor patching procedures often leads to cyber breaches should be a wake up call for those following little or no protocol. Companies who want to reduce their risk of encountering a costly and devastating security breach need to gain the upper hand on this often neglected area by developing a sound plan. Of course, larger companies can afford to hire a complete staff to develop and manage a PM solution, however smaller companies often need to look to an external vendor for help.
When researching vendors who have such solutions, it’s important to consider whether their plan incorporates the entire patch management lifecycle. The basic structure of the life cycle is as follows:
- Discovery – assess all technology use
- Categorize and prioritize – people, devices, processes, etc.
- Create a patch policy – (and keep it updated)
- Institute monitoring processes for new patches
- Patch test in non-production environment
- Manage associated configurations
- Patch rollout
- Audit results of patch rollouts
- Reporting and analysis of results
- Repeated review of life cycle for optimization
Companies who are beginning to realize they need to take a more serious approach to focusing on and organizing their patch rollouts, can also benefit by taking these additional steps that will help them get on the right track. Start by applying patches for those risks labeled as critical. Develop and implement a data backup and recovery plan. Decide to make a proactive patch management philosophy (and practice) a core component of your technology security strategy.
Centralize and automate the patch application process by employing automated patch software. Evaluate employee end-user rights and only give admin rights to those deemed absolutely necessary. Regularly patch and update the preconfigured computer template used when onboarding new employees. That way new employees will automatically have all the latest operating system patches, along with those for business applications, software, privileges, and other important settings.
If you would like more information on developing and implementing a solid patch management solution for your business, please contact us!