A Beginner’s Guide to Patching
Have you heard the term “patching” but don’t really know what it is or what you should be doing to protect your organisation’s data and systems? In this article, CQR’s cyber security consultants summarise what you need to know to maintain good patch management.
This beginners guide is part of our “Making Cyber Simple” series of practical beginners guides. You can also download a free copy of the full guide which covers 9 key areas that we believe every organisation should be aware of and act on to reduce your chances of becoming a victim of a cyber attack.
What is patching?
Patching is a set of changes to a computer program (or its supporting data) designed to update, fix or improve it. Whenever you install new updates to your existing software or device, if it contains “bug fixes” you are effectively patching it.
Good patch management keeps your software and devices up-to-date and helps address new security vulnerabilities before they are exploited by hackers.
Why is patch management important?
The number of ransomware attacks on businesses continues to grow. By not regularly patching your organisation’s networks you are leaving security holes which could enable hackers to plant malware in your systems. This could then enable them to steal data, gain control over your computer and systems and encrypt files.
A recent survey found that 60% of victims of a cyber security attack were breached due to an unpatched known vulnerability being exploited i.e. the vulnerability could have been avoided if they’d installed the available patch. Some of the biggest and most high profile cyber attacks in recent years have been caused by this very issue.
This is backed up by our own experience. A high percentage of all vulnerabilities we discover during penetration tests are down to poor patch management.
If you do have an unpatched vulnerability your organisation doesn’t necessarily have to be attacked directly either. If the vulnerability exists, you could become a victim just by clicking on an unsecure website or opening a compromised email which then installs the malware which attacks it.
To minimise the risks to your organisation, it’s important that you keep up-to-date with which security patches are available and regularly install updates to patch all of your servers, devices and software as soon as possible.