Services
Platform and Technology Capabilities
Home / Insights / Blog / The Growing Importance of Patch Management 101
July 12, 2018 - by Synoptek
Since Equifax’s enormous 2017 data breach, many people are still — shockingly — downloading the same unpatched vulnerable version of software that lead to the Equifax breach. This unnerving revelation has lead security experts to scratch their heads — are business executives under-resourced or simply unaware of the dangers weak or nonexistent patch management practices impose?
Background on the Equifax breach
Equifax revealed its wide-reaching data breach was the result of a failure to patch a known vulnerability in the Apache Struts open source model-view controller framework that remains popular, especially among those in the financial sector. The patch was released in March 2017, but the Equifax breach started in May 2017, meaning company decision-makers had plenty of time to patch. This data breach impacted 143 million U.S. consumers, 15 million UK consumers, and 8,000 Canadian consumers. What can you take away from this incident to improve processes and better protect your organization moving forward?
Lessons learned
Acknowledging the mistakes of others is not enough: Be proactive by taking action before problems arise. Although it sounds simple, this idea is proving difficult for some. According to the Computer Weekly “Equifax breach lessons not learned” article, as many as 3,049 organizations have downloaded vulnerable versions of Apache Struts even though patched versions are available. To avoid becoming the next headline, start by evaluating your current patching practices and ensure they follow patch management best practices.
Patch management 101
Boiled down, patch management is the process of updating software, usually to address potential functionality issues and vulnerabilities hackers could exploit. Consider taking the following steps toward an effective patch management plan:
Patch management can be a demanding and complex process, causing too many business executives to fall short in this crucial area of risk mitigation. If this responsibility makes you feel uneasy, it could be time to seek help.
Getting patch management help
Patch management tradeoffs do exist: Patches can slow system performance, result in malfunctions, and interrupt business. It’s important to weigh these implications against vulnerability risks. This reality makes patch management more difficult and complex than it might first appear. Rather than leave holes and hope for the best, consider seeking help from a managed IT services provider. With well-rounded IT and business skill sets, a managed IT services provider can help you develop and implement strong patch management practices, helping to address vulnerabilities at the lowest possible risk and cost to your company.
At Synoptek, we provide 24×7 proactive monitoring and support of your systems as well as IT asset inventory and patch management. Learn more
About the Author
Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.
Blog
Case Study