Thursday, 19 January 2023 11:50

Why software patching is critical for effective IT security

By Anthony Daniel, ANZ and Pacific Islands regional director at WatchGuard Technologies

GUEST OPINION: Effectively securing an organisation's IT infrastructure from cyberthreats is a complex task, yet there is one simple step that can make an immediate difference: installing software patches.

Software vendors are constantly releasing updates to their code designed to plug security holes and ward off attacks. Unfortunately, many of their customers fail to install them, which leaves those customers open to potential attack.

In many cases, the reason for delay comes down to the perceived disruption that updates can cause. Devices usually need to be restarted to allow the code to be installed, which results in interrupted workflows and a drop in productivity.

As a result, the deployment of patches that could have prevented a cyberattack is delayed and an organisation then finds itself becoming a victim. This is particularly frustrating as it's a situation that could readily have been avoided.

According to research by security company F-Secure, 61% of existing vulnerabilities in corporate networks actually date back to 2016 or earlier. This is despite the fact that patches have been available for more than five years. In some cases, vulnerabilities that continue to be exploited by cybercriminals are more than a decade old.

The importance of updates

Organisations that have been postponing software updates and are yet to fall victim to an attack might have a false sense of security and believe that patches are not really necessary. However, a high-profile cyberattack that targeted the International Committee of the Red Cross (ICRC) proves this confidence is misplaced.

In the incident, cybercriminals gained access to the ICRC's systems by exploiting a known, but unpatched, critical vulnerability in a single sign-on tool developed by Zoho, a company that makes web-based solutions for business management. During the attack, data relating to more than 515,000 'highly vulnerable' individuals was compromised.

According to IBM's X-Force Threat Intelligence Index 2022, more than a third (34%) of reported cyberattacks during 2021 were due to vulnerabilities being exploited. This represented a 33% increase on the previous year.

These numbers clearly demonstrate the size of the attack vector created by avoiding software patches and updates. The report also highlights the increase in the number of vulnerabilities, which reached a new record high of 19,649 new cases.

According to WatchGuard's Internet Security Report, which analyses the latest malware and attacks targeting organisations around the world, the volume of network attacks reached a four-year high in 2021 with some 5.7 million network exploits in the fourth quarter alone. This shows the problem is continuing to intensify.

Taking a defensive stance

Clearly, an effective way to reduce the likelihood of falling victim to an attack is to ensure all patches and updates are installed as soon as they are released by software vendors. To achieve this, there are four key steps that organisations can take:

1. Automate processes: Always enable automatic software updates whenever possible. Doing this will ensure that new updates and patches are installed as rapidly as possible.

2. Avoid outdated applications: Organisations should avoid using end-of-life and unsupported software as these applications will no longer be receiving updates from the vendor.

3. Go to the source: It's important to visit software vendor sites directly to source updates rather than clicking on advertisements or email links that could result in the installation of malicious code.

4. Use a secure network: Software updates should not be undertaken when a device is connected to an untrustworthy network, such as a public Wi-Fi service.

A critical issue

The timely installation of software patches and updates is a critical part of ensuring the robustness of an organisation's IT security. In addition to the steps above, it is also important to recognise that organisations have a duty to monitor and mitigate known vulnerabilities that are continually being exploited by cybercriminals.

This is because it is not just the organisation itself that could fall victim to an attack. Once they have gained access to a target IT infrastructure, cybercriminals can also cause disruption and loss to customers, business partners and other third parties.

Being aware of new patches as they become available and installing them in a timely manner is a critical part of any effective security strategy.
