It’s 5pm and you’re hurriedly trying to make your way out of the office to head home – you see the traffic continuing to build outside your office window, and you’re trying to save everything on your computer and shut it down so you can beat the rush home.
All of a sudden, you see an odd window pop up on your computer screen warning you that your files are being hijacked and it will take $15,000 in bitcoin to get it back. You try to close out the window but your computer is now freezing up.
You hear the cacophony of horns beginning to honk and see that a car accident has now brought traffic to a standstill. Muttering under your breath, you hit the power key on your computer to shut it down, but no luck. You remember seeing an email about having to download a critical security patch from the other day, but you had to meet a friend for dinner and thought it could wait another day.
Unfortunately, that update couldn’t wait – and now your files and your company are at risk of data loss. Welcome to the world of patch management. Multiply this one computer by every workstation, every legacy and cloud based application, and we start to paint the picture as to what patch management can look like across the enterprise.
The dictionary definition of enterprise patch management is the process that helps acquire, test and install multiple patches (or code changes) on existing applications and software tools which will enable systems to stay updated on existing patches and determining which ones are appropriate to implement.
Oftentimes, these are security patches that would keep your organization safe from hackers. Research from Verizon and Gartner finds that we are still struggling to get enterprise management right, even if we know we are vulnerable to cyberattacks that could steal customer information and intellectual property.
The 2018 Verizon Data Breach Investigation found that cyber criminals are still successful using the same hacking techniques we’ve known about for years such as phishing, distributed denial of service, and malware. The report also found that 99% of the exploited vulnerabilities in the study were already more than a year old with a published software security patch – essentially, we all knew about the vulnerabilities long before it was exploited by a hacker.
By 2020 99% of the vulnerabilities exploited will continue to be ones known to security and IT professionals for at least a year, and that less than .1% of all attacks will be a vulnerability that’s actively exploited by a hacker before it’s publicly known (zero day).
— Gartner, Top Security Predictions
So why is this the case? If the patches are available, why are organizations still struggling to stay up to date on patches? As enterprise IT staff continues to shrink, the ability for enterprises to prioritize and automate patching across disparate cloud-based and legacy infrastructure is falling short. Given the never-ending stream of available patches with shrinking enterprise IT operations staff and limited enterprise security staff, prioritizing patches is a high priority. Yet, most organizations are overwhelmed with the sheer volume of patches and don’t know where to begin. A recent Ponemon study shows that 65% of enterprises say they find it difficult to prioritize what needs to be patched first.
While most large enterprises have fully automated the patch management process, many still struggle to prioritize patches. Small enterprises are typically only patching critical software vulnerabilities, leaving them exposed to data breaches and Sarbanes-Oxley compliance. No matter the enterprise size, even fully automated patch management software requires trained personnel with the expertise to configure and maintain the product and process.
You cannot help others until you help yourself and this speaks to Enterprise IT as well. Enterprise Patch Management at US Cloud frees up IT to innovate and speed up the digital transformation process. Failure to evolve or move too slowly puts the organization at risk to disruption, losing market share or worse.