Despite the constant stream of drama-filled news about the latest security exploits, many businesses lag behind in making the patch management a major security priority. Whether the mindset is “Windows updates itself” or “we’ll deal with problems as they occur” – many have yet to invest in a regular patch management policy or program. Consistent patch management is not only necessary but is in fact vital to business productivity and continuity.
While patching is important for companies of any size, Small Businesses are particularly challenged to address the sheer volume of security vulnerabilities that can be exploited within their operating systems, web servers, databases and applications – and the overwhelming number of fixes being released to address them.
In the past five years, 459 vulnerabilities have been reported across the various Windows operating systems. And in 2010 – 2011 alone, Adobe issued 399 security bulletins and nearly 200 patches to protect its users from application-based vulnerabilities. Factoring in the multitude of third-party software and applications used across all business environments – and with ‘bring your own device’ policies making every new smartphone and tablet a possible new point of network infection — it’s no longer reasonable for small businesses to rely on their own to manually download and apply the required patches.
Automated services like Windows Update depend on the end user manually accepting and downloading patches. Given the volume of patches required, this leaves far too much room for error: users can repeatedly ignore patch prompts, leaving their systems vulnerable long after a patch has been released. In addition, Windows is no longer the only software that needs to be patched: third-party applications are now the most common point of entry for malicious attacks.
The costs and consequences of poor patch management
The high-level impacts of spyware, ransomware, rootkits, spambots, hijackers and other online attacks that can enter a company’s network through unpatched vulnerabilities are clear: decreased productivity, lost revenue and damaged reputation. What happens if sensitive personal or financial information is stolen? What happens if that loss results in legal action? And if a small business’s systems are knocked offline, what is the cost of that downtime in terms of both human resources and lost opportunities?
CEO uses the latest patch management techniques, tools and monitoring services to make sure your network and servers are patched up. Please call 818-501-2281 for a Free Analysis.