We’ve heard a lot about high profile cyber-attacks in the news.
Target, Anthem, US Office of Personnel Management, Sony…the list goes on. These attacks have come from a sophisticated groups of hackers, and some of those groups are sponsored by foreign governments.
The idea of government-sponsored attacks is scary. And it seems like an insurmountable threat to overcome. However, when it comes to breaches, security neglect is often more dangerous than the threat itself. According to the U.S. Computer Emergency Readiness Team (CERT), as many as 85% of targeted attacks are preventable.
US-CERT attests that in a lot of cases, a simple security patch could have prevented the attacks.
Virtually any device with an internet connection requires patches. According to WIRE, even Chrysler has patches available to prevent wireless hacking. If patches are readily available and so critical, why aren’t they being applied more regularly?
There are a couple of reasons why some organizations don’t update their patches. One factor is that some vendors do a horrible job of notifying customers that a patch is available. This is a more common occurrence than it should be.
Although patches aren’t always fool-proof, the risk of a data breach and the costs involved are too great to ignore. The Ponemon Institute and IBM released a study that says the average data breach costs $3.79 million.
US-CERT recommends three strategies for mitigating risks.
- Application whitelisting: This is by far the most effective strategy. It allows for only specific, known applications to run and blocks all others, including malicious software.
- Patch applications and operating systems: Most attacks target vulnerabilities in applications and operating systems. The number of exploitable entry points are greatly reduced when the latest updates are applied.
- Restrict administrative privileges: Restricting who has administrative rights can prevent malicious code from installing on systems and limit its ability to spread through the network.
The key to protecting your systems from cyber-security threats is to be vigilant. The process also needs to be managed and automated. The National Institute of Standards and Technology reports an average of 14 new vulnerabilities per day.
Staying current with the latest patches can a daunting task. And most IT departments are already busy trying to keep their infrastructure and applications running.
Leaning on a managed services provider that can help you stay current with the latest patches is one way to overcome potential setbacks.