
The Growing Importance of Patch Management 101

July 12, 2018 - by Synoptek

Since Equifax’s enormous 2017 data breach, many people are still, shockingly, downloading the same unpatched, vulnerable version of the software that led to the Equifax breach. This unnerving revelation has led security experts to scratch their heads: are business executives under-resourced or simply unaware of the dangers that weak or nonexistent patch management practices pose?

Background on the Equifax breach

Equifax revealed its wide-reaching data breach was the result of a failure to patch a known vulnerability in Apache Struts, an open-source model-view-controller framework that remains popular, especially among those in the financial sector. The patch was released in March 2017, but the Equifax breach started in May 2017, meaning company decision-makers had plenty of time to patch. This data breach impacted 143 million U.S. consumers, 15 million UK consumers, and 8,000 Canadian consumers. What can you take away from this incident to improve processes and better protect your organization moving forward?

Lessons learned

Acknowledging the mistakes of others is not enough: Be proactive by taking action before problems arise. Although it sounds simple, this idea is proving difficult for some. According to the Computer Weekly “Equifax breach lessons not learned” article, as many as 3,049 organizations have downloaded vulnerable versions of Apache Struts even though patched versions are available. To avoid becoming the next headline, start by evaluating your current patching practices and ensure they follow patch management best practices.

Patch management 101

Boiled down, patch management is the process of updating software, usually to address potential functionality issues and vulnerabilities hackers could exploit. Consider taking the following steps toward an effective patch management plan:

  • Make patch management a priority from the top down.
  • Ensure your inventory is always up to date — you can’t patch a vulnerability on a system you don’t know exists.
  • Implement a test environment so you know how the patch will affect your production environment.
  • Assign a person in charge of patch management across the organization.
  • Document everything, including inventory, patches available, patches in testing, as well as where and when you’ve installed patches.

Patch management can be a demanding and complex process, causing too many business executives to fall short in this crucial area of risk mitigation. If this responsibility makes you feel uneasy, it could be time to seek help.

Getting patch management help

Patch management tradeoffs do exist: Patches can slow system performance, result in malfunctions, and interrupt business. It’s important to weigh these implications against vulnerability risks. This reality makes patch management more difficult and complex than it might first appear. Rather than leave holes and hope for the best, consider seeking help from a managed IT services provider. With well-rounded IT and business skill sets, a managed IT services provider can help you develop and implement strong patch management practices, helping to address vulnerabilities at the lowest possible risk and cost to your company.

At Synoptek, we provide 24×7 proactive monitoring and support of your systems as well as IT asset inventory and patch management.

About the Author

Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.