You’re working on a deadline and you get a pop-up asking you to install the latest security update for an application. You don’t have time to do it right now, so you click it away, telling yourself you’ll do it Friday afternoon or some other time that’s not as busy. But a couple of months go by and that update still isn’t installed.

What could possibly happen? Just ask Equifax. In 2017, the consumer credit reporting agency had one of the most high-profile data breaches ever, with 143 million people having sensitive information like credit card details and social security numbers stolen. The breach occurred due to a web application vulnerability that had been patched with an update 4 months prior to the breach, but the update was never applied to Equifax’s system.

Patch and update management is one of the key best practices that you’ll see recommended for proper cybersecurity, whether it’s for HIPAA and PCI compliance or to protect against ransomware and malware attacks. Those “annoying” requests for updates are actually red alerts to fix a known security flaw, but unfortunately many users ignore them because they don’t want to be inconvenienced. A majority of data breaches in 2019 were due to unapplied security patches.

Let’s take a look at why those updates are so important and at common update mistakes that you’ll want to avoid.

Why Are Security Patches So Important?

It seems like a never-ending battle between operating system (OS) and software manufacturers and the hackers trying to exploit their code. A new vulnerability is found, and a new patch comes out to fix it. Then the cycle repeats.

Those OS, software, and firmware updates are so important because they typically contain security patches that have been issued after a vulnerability in the code has been discovered. Once news is out […]