The Critical Importance of Patch Management

Protect Your Organization from Becoming a Statistic

Rob DeBeau

The recent Wannacry ransomware attack really does want to make you cry—not just because it was so severe, but because it was so easily preventable.

The attack was made possible by a vulnerability in Microsoft Windows operating systems, discovered by the National Security Agency and later deployed by hackers. It turned into one of the world’s worst cyberattacks, hitting more than 300,000 computers in more than 150 countries.

Out of Date, Out of Luck
China, whose companies and institutions are notorious for running on pirated software, was especially hard-hit, as was Russia.

In Britain, 16 hospitals were hit by the attack and had to shut down. Why? Because they were still using Windows XP, which Microsoft stopped supporting with patch updates in 2014.

The attack highlights the importance of updating and patching systems. It’s not likely to be a one-off event—other attackers already have five different knockoffs in various stages of development.

The security picture will get even bleaker as companies connect products and services to televisions, refrigerators, thermostats, and wearables through the Internet of Things. Researchers have already figured out how to hack smart thermostats. Hackers can’t be far behind.

Hard to Keep Up
With so many new malware developments, why aren’t IT departments staying on top of patching?

Keeping up with patches isn’t as easy as it sounds, especially for enterprises. Many experience “patch fatigue” or lack the IT staff to keep up. According to one report, basic enterprise desktop configuration required a total of 188 security patches during 2015.

Patches involve complex coding that vendors write under pressure and distribute in a hurry. They can go badly awry, and many IT professionals are reluctant to install automatic updating, waiting until they have time to do adequate testing of their own. Slate lists some notorious examples of problem patches, including a 2014 Apple update that disabled cellular connections and a Microsoft Office update that locked some users out of their accounts for 12 days.

Because of testing delays and large stocks of equipment to manage, it often takes companies more than 100 days to roll out patches—leaving them vulnerable to ever-evolving cyberthreats.

The Outsourcing Solution
Smart organizations are outsourcing patch management to service providers with the time and expertise to keep their organizations updated 24/7.

Connection does that and more, including fixing zero-day vulnerabilities and providing regular reports and custom recommendations. We support Microsoft, Apple, Linux, third-party applications, and both public and private cloud environments.

Outsourcing patch management gives you insight into your IT infrastructure without using up your resources. It frees up your memory, computing ability, and storage for more important projects. It frees your IT staff to develop products or improve operational efficiency, instead of getting bogged down in mundane tasks.
Don’t let your company join the growing ranks of businesses hit by data breaches.

Patching may be a simple concept, but it’s also time consuming and riddled with pitfalls. Let our experts do it for you, so you can stop worrying and concentrate on growing your business instead.

Have a patching success or horror story of your own? Share your experience in the comments below.

Rob DeBeau is a National Service Sales Manager at Connection, with 25 years of experience in Lifecycle and Managed Services.