If it ain't broke, don't fix it

Why you really should install those updates - right now

Jötnar Systems, Alister Brenton

We're just over a month into a brand new decade - and already the number of individuals and organisations hit by cyberattacks is almost too large to count. A common cause of these attacks, arguably the most common, is failure to keep IT systems up to date, leaving now well-known vulnerabilities open to be exploited.

An avoidable threat

According to an article published in SC Magazine last year, studies have shown that as many as one in five IT systems contain over ten publicly disclosed vulnerabilities which remain unpatched, and Edgescan's 2019 Vulnerability Statistics Report found that many of these vulnerabilities date back as far as the year 1999.

According to Edgescan's CEO, Eoin Keary, "[t]hese findings highlight a serious oversight from a cybersecurity standpoint. In fact, we still see high rates of known and patchable vulnerabilities with working exploits in the wild, which demonstrates it's becoming increasingly hard to patch production systems effectively on a consistent basis." To draw an analogy, these systems are still at risk of diseases that they should have been vaccinated against decades ago.

A harsh consequence

Anybody who happened to be awake in the UK over the last three months will clearly remember the Travelex ransomware incident - when a group known as Sodinokibi used the REvil ransomware to take the global currency giant offline on New Year's Eve. The consequences were devastating: over 5GB of sensitive customer data was claimed to have been stolen, necessitating a data breach disclosure to the ICO and resulting in widespread media coverage. As of the 3rd of February, over a month later, some of Travelex's services remain unavailable.

The way in

According to Sophos, the REvil ransomware relies on exploiting a vulnerability in unpatched copies of Pulse Secure VPN - a vulnerability which was patched by the vendor in April 2019 - and analysis of the Travelex incident by security researchers points to the company's failure to patch their Pulse system until November 2019, despite being warned about the issue as early as September of the same year.

If it ain't broke, fix it anyway

This only serves to illustrate the need for proactive and prompt action when it comes to installing security updates within an organisation. Once a security vulnerability is disclosed, publicised, and then fixed, it becomes much more likely that bad actors will, as in the Travelex case, begin hunting for systems which remain unpatched in order to take advantage of the now well-known and easy-to-exploit vulnerabilities within.

The best way for organisations to stay protected is to ensure that automatic update features are switched on within the operating system and critical software systems, along with deploying patch management solutions to keep track of and install updates in a centralised manner within the network.

There are also specific types of IT providers, called Managed Service Providers or "MSPs", who will provide a range of remote management and support services, including the management of important security patches.

Don't give cybercriminals the chance.

Let us help make sure your systems are secure - email protect@jotnarsystems.com today.