The threat of a business suffering a cyber-attack continues to rise. Businesses of all sizes must learn from mistakes and invest in their security infrastructure. The rise could be attributed to how easy it is to gain access to technical cyber-attack tools such as Zeus and SpyEye.
This comes from the OTMS, Online Threats Managed Services group of RSA, who suggest even low-level criminals can use them without needing the technical knowledge previously needed for such an attack. The tools are now cheaper than they once were which also increases the temptation to buy. With barriers of entry falling, cyber-attacks have become an attractive means of making profit.
Head of OTMS, Idan Aharoni, believes businesses must change from basic security measures such as antivirus and firewalls as they continue to fail. His advice to companies is to assume they will be attacked and build a security strategy around this.
One security measure that goes beyond traditional protection is patch management. Vulnerabilities in software continue to be found with patches released quickly, but businesses must make strenuous efforts to have an appropriate process in place – installing missing security patches can be easy.
NIST, the National Institute of Standards and Technology, have stressed the importance of patch management with regards to cyber security in businesses. The Federal Technology Agency are in the midst of updating their patch management guide for businesses for the first time in 7 years.
The guide recommends a 3 step process:
- Use patch management tools in a phased approach. This will ensure user communication issues are dealt with before applying the patch across the network.
- There should be a standard patching process to minimise risks and errors.
- Lastly, businesses must check their patch management tool is suitable in terms of usability and availability under all conditions.
The authors of the guide, Murugiah Souppaya and Karen Scarfone, believe implementing an effective patch management regime will save time which can be spent dealing with other threats.
Patch management can be tricky for businesses to keep track of if done manually. IT admins must have an overview of the software installed across laptops, PCs and servers including the state of security on these.
Patch management tools can significantly provide detailed scanning results and up-to-date vulnerability detection. Patch management tools can also be integrated with WSUS (Microsoft Windows Server Update Services) and SCCM (Microsoft System Center Configuration Manager) to provide a complete patch solution.
Whether you’re a SMB or Enterprise, patch management has never been more important in today’s world.
Catherine Halsey writes for a digital marketing agency on a range of topics. This article was written on behalf of Secunia.