What is all the fuss about updating software?

There never used to be a fuss about it.

In the past, updating software was about developers fine-tuning their programs, making extra features available and tweaking the way they work for optimal end-use.

But with cyber crime advancing to the level it is today, updating software is as much about fixing recently discovered bugs and addressing the latest security issues.

Some updates are small enough to run in the background, but many require an actual download. These larger pieces of software are called patches, and it’s up to you to install them. They’re usually free and are necessary for your system and programs to continue running smoothly and, above all, safely.

Problems with patching

However, there are drawbacks associated with patching that result in them not being installed timeously, if at all. These are the drawbacks:

  • It takes a lot of time to manually apply a patch across all company devices.
  • There’s reluctance to apply a patch until certainty about its performance has built up.
  • If every application needs its own update, which download do you prioritise?

Cyber attackers bank on the above, and the fact that many companies won’t install the latest patches immediately. During this window of opportunity, they have free reign to attack.

For commonly used third-party apps such as Adobe Reader, Adobe Acrobat, Flash Player and Mozilla Firefox new updates become available every week, sometimes more than once.

Microsoft Teams updates also automate every two weeks and Zoom about once a month. Multiply these apps by the devices linked to your company, and the task of keeping up with all the updates becomes a disruption in itself.

Because apps like these are so widely used, they’re obvious targets for cyber criminals, who have a better hit rate with them. When a patch is announced, it alerts them to a vulnerability and they quickly get on to finding it, knowing they have a window of opportunity to exploit it.

According to Verizon’s Data Breach Investigation Report, 70% of cyber attacks were linked to a vulnerability for which a patch was available, but not installed.

An independent survey conducted by Ponemon showed the average timeline for patching critical vulnerabilities can be as much as 16 days. That’s plenty of time for an opportunistic hacker to make headway.

There’s no better example of a cyber attack that could’ve been avoided than the infamous and far-reaching WannaCry ransom attack, which spread across 150 countries and caught more than 300 000 computers without the available patch.

As soon as an app goes out of date, hackers target the vulnerability and inject malware into the unpatched system. Attackers can only target exposed systems; they can’t create exposed systems. Therefore, it’s entirely up to a company to ensure its system isn’t exposed.

Keeping all of a company’s applications up to date – across all devices – can end up being a fulltime job, but it’s one that must be done.

If you’re not managing to stay on top of patching, the alternative is a patch management service, where all patching happens automatically as soon as a patch becomes available. It reduces your vulnerability time and requires no user intervention. Once installed it will keep on patching in the background.

If you think patch management may solve your patching problems, chat to us about your options.

Cloud / VPS Hosting

Learn about IronTree’s specialised virtual private server (VPS) hosting.

Step 1 of 2

  • Sign up for your
    Free Trial

    Please complete the form to sign up for your free trial. For all our other products, please contact us for a consultation.

  • I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

The reseller zone is currently out getting a facelift as we look to integrate it with our backup platform, as it stands you can overview your clients on our new backup console. If you don't know what console that is, please reach out to us.

  • Hidden
  • I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

  • I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

  • I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

We are taking all necessary precautions around the COVID-19 situation. Our offices are closed and our team members have each been set up to work remotely in self-isolation at home. As far as possible IronTree will maintain business as usual. All our resources such as server platforms, transactional capacity, telephony and electronic communications, including video meeting facilities, have been configured in the cloud and are 100% operational. Please feel free to contact us if you require our assistance. Stay safe!
One of our team members will be happy to help answer any questions you have!
Just click the chat icon in the right-hand corner.