We tend to picture cyber breaches as sophisticated attacks beating sophisticated defences. In reality, many breaches exploit something simpler, such as a known vulnerability with a fix that was never applied.
Patching is one of the most basic and effective security controls, yet updates are routinely delayed, deprioritised or ignored because of fear of downtime, compatibility concerns or the quiet assumption that other tasks are more important. Attackers count on that delay.
Most exploited vulnerabilities aren’t new. Nowadays vendors patch holes quickly, but attackers move just as fast. Once details are public, they have a roadmap to exploit the bug. The risk lives in the gap between patch release and patch deployment and, in many organisations, that gap is far too wide.
This is an enterprise-wide issue, not just one for servers. End-user devices, third-party apps and cloud platforms all add exposure if they’re not kept current. One unpatched laptop or overlooked application can be an entry point into the wider environment.
Unauthorised access leading to data theft, disruption and ransomware are all possible outcomes of not addressing vulnerabilities. For professional services firms, that often means downtime, loss of sensitive client data, and regulatory as well as reputational consequences. All of these are triggered by something with a known, easily deployed solution; without the discipline to apply those fixes immediately, disaster can result.
A few steps reduce the attack surface:
- Prioritise critical security updates, applying them as soon as physically possible, especially for actively exploited flaws. Don’t wait for your next routine patch cycle.
- Run a regular patching cycle for servers, apps and end-user devices.
- Automate updates where you can, to reduce manual gaps.
- Maintain an accurate asset and application inventory: you can’t patch what you don’t know you have.
- Test updates sensibly, but don’t let testing become an excuse for delay.
Patching isn’t complex, but it does demand consistency and accountability, and it does need to be part of your strategic focus.
With so much investment in new tools and advanced controls, it’s worth remembering that some of the worst breaches have come down, and still do, to something basic: a patch that existed but wasn’t applied.

David Baskerville
07769 946883
Do this today:
Update one “always-on” device (laptop/phone) and check auto-update is enabled.