Cybersecurity attacks were at an all-time high in 2018. Cyber incidents included malware compromising networks and data breaches exposing corporate vulnerabilities at such trusted brands as Facebook, Amazon, Saks, Panera and Under Armour, to name a few. Marriott is the latest victim, closing out the year with a widespread breach exposing 500 million of its guests’ personal data. It comes as no surprise that a recent report by the World Economic Forum reveals that cyber risk is the number-one concern of executives in advanced economies. A recent article in the Harvard Business Review estimates that cyber crime costs more than $1 trillion annually.
A widely held but mistaken belief is that no news is good news. Unfortunately, companies have made assumptions about how current their environment is, leaving them vulnerable to a phishing exercise. In the case of Marriott, management took steps to shore up cybersecurity capabilities, including hiring a Chief Information Security Officer (CISO), as reported by Bloomberg. But, as at many organizations, the most basic step is often overlooked: maintaining a disciplined approach to patch management. Patch management is a strategy for managing patches, or upgrades, for software applications and technologies.
Approximately 70% of successful cyber attacks exploit known vulnerabilities in systems where readily available patches have not been applied. For many organizations, patching is not a priority. It becomes extra work that the infrastructure team performs after hours or completes in a haphazard way, because the team is stretched and does not have the capacity to focus on what has become a business-critical routine.
Unfortunately, patch management often takes a backseat in terms of funding and prioritization until an organization is hacked. Companies need to be more proactive. "No news is good news" is not a suggested strategy in the world of cybersecurity. The simplest and most effective thing to do is to apply the known patches and follow a disciplined approach to keep all system patches current. Staying current requires discipline, process and investment from each organization. This is a cost of doing business. Cyber threats are becoming more advanced and sophisticated.
What is your organization doing about the threat today?
Are you current on your patching cadences or are you at risk?
Interested in scheduling a 30-minute meeting to discuss your current approach with proven experts and get advice at no cost?
Instead of following a wait-and-see strategy, you can proactively conduct a vulnerability scan or external penetration test to get out in front of the problem, assess your exposure and improve your security posture. According to Alon Yavin, Head of Professional Services at HolistiCyber, Genesis10’s cybersecurity partner:
“To tackle advanced and sophisticated cyber threats, organizations should think ahead in a preemptive manner, adopting elastic and dynamic methods. Like in a war, you cannot cope with these evolving multi-staged attacks only by securing your systems; rather, you should devise a proactive defense program consisting of advanced and sensitive detection elements, multi-faceted preventative countermeasures, intelligence and a well-defined response program.”