Neglecting to install the latest updates and security fixes is not uncommon. Unfortunately, this leads to organisations falling victim to cyber attacks that they could have been immune to. We spoke to our COO Johan Wedin, who shared his best advice on how to avoid vulnerabilities.
Many find it difficult to ensure adequate internal coordination to prevent patches from being applied much later than they should be. Companies' negligence or failure to patch vulnerabilities in time is often cited as one of the reasons for the increase in cyber attacks in recent years – many of the attacks can be linked to a vulnerability where a patch was available but not applied," says Johan Wedin.
Poor procedures delay patching
Despite the fact that companies often dedicate parts of their IT budget to preventing, detecting and responding to cyber attacks, the all-important patching process can be delayed due to poor procedures. Organisations simply fail to manage known vulnerabilities quickly and effectively. This may be because they are unable to take critical applications and systems offline to patch them quickly, or because it is difficult to prioritise what needs to be patched and corrected.
‘Operations managers often need to collaborate with many other functions or departments within their organisations. This causes coordination problems, which delay patching. Sometimes there is also a lack of a common view of applications and assets within the security and IT teams,’
says Johan Wedin, COO at Binero.
Automation solution to patching problems
In summary, missed and delayed patches pose significant risks to the organisation itself, its employees, customers and the brand as a whole. Most organisations are aware of the problem, but lack the procedures and resources to deal with it on their own. The solution?
‘Automation,’ says Johan Wedin immediately, continuing:
Patching itself may not be the first thing that comes to mind when it comes to automation, but like many other things, patching can also be automated if you have a good process for it. Simply applying all outstanding patches for an operating system or application is not a good idea, as it will create major problems if, for example, there is a patch in the operating system that is not compatible with the application."
Johan highlights the benefits of automation, but at the same time emphasises the need for a well-thought-out process to control and manage patching.
"A good patch management process can save a lot of time and significantly increase security levels. Keep in mind that the process should be scalable based on the size of the company. Larger businesses have the financial resources and need for staging environments, which is where patching is primarily tested. Other businesses do not have these conditions, and the process may look different. Automation provides a significant advantage when it comes to responding quickly and effectively to vulnerabilities. Companies that choose to use automation technologies or external security partners address vulnerabilities within a much shorter time frame – which is what you should be looking for."
