888.624.6737

syse-blog-header

Cyber Risks of Poor Security Patch Management

April 21, 2022 | Posted in:

Cybersecurity, IT Solutions & Support

Posted by Kevin Beling

As many applications now live in the cloud, it’s easy to lose sight of basic network hygiene. One might assume that patching has become less critical now that more data lives in replicated cloud storage environments. You may also think that using the latest cloud security tools, like multi-factor authentication (MFA), is enough to keep you protected from increasing cyberattacks. That assumption couldn't be further from the truth. It is now more important than ever to manage patching and software updates with even greater frequency.

Many factors contribute to this increased urgency, including our work-from-anywhere society, the use of multiple network environments, and the increasing cyberattacks afflicting the U.S. private sector. You may recall the earlier ransomware attacks on vital U.S. corporations, like the Colonial Pipeline and JBS Foods. These domestic attacks prompted our National Administration to recognize the importance of improving cybersecurity and network defenses. Most recently, spurred by the Russian invasion of Ukraine, The White House released a Fact Sheet urging companies to protect against increasing cyberattacks and to heighten overall awareness. Patching and system updates were a top recommendation, echoing our long-standing vulnerability management philosophy. Below, we break down three major contributing factors of ineffective security patch management and the solutions needed to fortify your organization against persistent, evolving cyberthreats.

CONTRIBUTING FACTORS

Multiple endpoints

Whether your company data lives in the cloud, on-premises, or is governed by strict compliance obligations, users still access this information from various endpoint devices, like smartphones, tablets, and laptops. It is vital to personal and corporate security that each device is patched to prevent hackers from exploiting the latest vulnerabilities. Even if all of your applications are cloud-based, you need to make sure the browser used to access these apps is up-to-date, and the operating system (OS) on your computer, tablet, or phone is updated regularly as well. One good example of personal updates for patching is on an Apple iPhone. Periodically, users will receive a notice that the iOS version has changed, which requires a manual update. If that iPhone is corporately managed, measures can be put in place that prevents the user from accessing company data until the update is made. This precaution is a best practice for corporations as the patching included in those iOS updates makes the phone safer and more impervious to ransomware and other malware.

Hybrid networks

While many small- to medium-sized businesses (SMBs) are fully running in the cloud on virtual servers and desktops, most are still using a hybrid network. Hybrid means that some applications are running virtually in a cloud data center, while others are still running on a server or a computer on-premises. It is essential to remember that even if a virtual server or desktop is hosted in a data center, it still needs to be patched. While SaaS (software-as-a-service) applications, like web-based accounting software, are patched by the vendors, a hosted solution, like Azure Desktop, which lives in rented virtual space, still requires manual patching. Any applications on local servers most certainly must be manually patched.

For the manual patching process, some companies may rely on free automated update services to meet their patching need, such as the Windows Server Update Services (WSUS). While these options are available, they should not be used independently of human intervention and can be problematic. The lack of proper update management and indiscriminately applied patches can lead to import problems and server instability. Using a managed patching service to control the deployment and maintenance of interim software releases is a best practice for SMBs. The service they perform when sanctioning patches and updates prior to application help maintain operational efficiency, overcome security vulnerabilities, and maintain the stability of your production environment.

Sophisticated threats

Cyberwarfare is here and not going away. What was once the realm of disorganized criminals is now made up of well-funded organized crime groups. These include nation-states like Russia, which manages massive covert hacking squads, most recently focused on domestic targets. The frequency and level of sophistication have also increased, and not just for large corporations; SMBs are equally attractive to cybercriminals. The same features that artificial intelligence (AI) and machine learning (ML) bring to a business to drive innovation and efficiency are the same features used by cybercriminals for ill gain and abuse. One cybersecurity expert noted that despite the danger, only about 15% of SMBs have any kind of cybersecurity defense at all.

No SMB should go without proper cybersecurity best practices and services to combat these modern threats. Advanced cloud-based solutions such as endpoint detection & response (EDR), coupled with old-fashioned defenses like patching, will help your organization stay updated with best practices and become more translucent to cybercriminals.

SOLUTIONS

Managed patching (Security Patches)

The easiest way for SMBs to ensure that patches are deployed regularly is through a managed patching service. In this model, a managed service provider (MSP) uses tools and dedicated staff to test, deploy, and report on patches. This process is simple, often uses automation tools, and provides reports that can be used to ensure compliance requirements are met. It offloads the stress of relying on unstable, manual built-in tools while providing the certainty of a managed service. These services support security patch management best practices and are great at automating security updates for operating systems and commonly used applications. One thing to note is that a managed patching service will not necessarily cover everything on your network, such as software version updates.

Software updates (Version Updates)

Core network applications must usually be manually updated by trained engineers – either by the vendor or a trusted partner. These software programs could include backup, virtualization, remote desktop services, and industry-specific core business applications (accounting software, etc.). Best practice around the frequency of updates has changed in recent years since increased threats have resulted in a greater need to keep pace. Software vendors regularly post information on their websites around critical updates and security improvements. An MSP can check for any required updates on supported applications and prepare your network for the requirements of any line-of-business (LOB) vendor updates. Still, it is up to the SMB to coordinate between their LOB vendors and MSP on those industry-specific applications for non-standard updates that must be completed.

If you are looking to implement a solid patching process within your organization and bring integrity to your network security, reach out to us to start the conversation. We can help improve the security posture of your SMB, keeping you out of the cybercriminals' crosshairs.

SECURE YOUR NETWORK

For more information, select the link above or connect with Systems Engineering at 888.624.6737 or info@systemsengineering.com. Clients, please reach out to your Account Manager directly.


KBeling

Kevin Beling is an Account Manager at Systems Engineering, focusing on ensuring valuable and long-term client relationships. Kevin helps clients identify and utilize technology to achieve the business outcomes they desire. Kevin has been with Systems Engineering since 2015.