12TH OCT 2023
Imagine your computer is like a secret clubhouse, and you have a special lock to keep it safe. But sometimes, bad people try to find ways to break the lock and get inside your clubhouse. Software patches are like getting new, stronger locks for your clubhouse. They help fix any weak spots in your lock that the bad people might know about.
Updating the applications and operating system on your computer and other devices is one of the simplest ways to protect your data and devices from intrusion attempts. And yet, you’ll be surprised how many people and organizations avoid this very easy fix.
This ambivalent attitude towards security updates (and you're hardly alone in thinking this) boils down to a lack of awareness and cybersecurity habits. Let’s tackle the most important question first.
For starters, they can protect you against a multiverse of cybersecurity threats:
An unpatched system is a lot like that mysterious house of horrors, with broken window panes and useless locks that let all manner of scummy cyber threats inside. Wouldn’t it be nice if there were no rude surprises waiting for us as we log in?
You see, software updates have more pressing issues than keeping cybersecurity baddies out.
Software patches can also do these nice little things:
With so many incentives, it is crucial to get into a habit of regularly updating our apps.
Believe it or not, the top five exploited software vulnerabilities in 2022 came from high-severity flaws in most commonly used enterprise software such as:
Microsoft Exchange
Zoho ManageEngine products
Fortinet VPN
Citrix VPN
Pulse Secure VPN
It gets worse. The attackers exploited flaws that first became apparent in 2017. Interestingly, 4 out of these 5 software applications were patched to get rid of these vulnerabilities years ago.
Undoubtedly, IT teams need to act fast in such an eventuality because:
What do these observations tell us? There is a dire need to educate IT teams as well as users about patch management.
Tech industry leaders are cognizant of the dangers of unpatched software, with Apple deploying rapid security patches and Microsoft doing Patch Tuesdays to release software patches at a regular cadence. It is a good idea to keep an eye out for security bulletins issued by software vendors.
Whenever software updates become available, vendors upload them on their official websites for users to download. Alternatively, users can check installed apps on their devices for updates.
In an enterprise environment, IT managers can push out relevant updates to workstations, eliminating the need for users to do it on their own. However, user consent is still required to install these updates.
There are two ways to update your software packages:
One last thing. Software developers aren’t around to support their applications forever. This brings us to End of Life (EOL) software.
Nothing lasts forever. Every piece of software or hardware reaches obsolescence at some point. And when it reaches that point, it is too outdated to maintain.
EOL software leaves you vulnerable to new cybersecurity threats. They are also not supported by vendors, meaning you won’t get updates for it. And then there are various compatibility issues that can occur down the line.
The Cybersecurity and Infrastructure Security Agency (CISA) says:
It is estimated that the latest security updates and patches would’ve prevented nearly 60% of data breaches. Given the performance and feature benefits that software updates bring to the end user, it is high time that companies develop cybersecurity awareness campaign ideas that work towards making stakeholders responsible with a proactive approach to security.
Online scammers also use software updates as a pretext to trap you. Here are a few things to keep in mind:
Note: This blog is part of Pureversity's Cybersecurity Awareness Month 2023 coverage, aiming to empower you, your home, and your workplace with an improved cybersecurity posture.
