Small and Medium Organizations: Automatically patch operating systems and applications
According to a recent survey published by ServiceNow, patching could have prevented 57% of breaches suffered by organizations. Patching is an easy win for small and medium organizations.
What is patching?
Cyber threat actors can exploit hardware and software defects and vulnerabilities for malicious purposes. Your organization can reduce cyber security risks by patching software as soon as updates are available. Enabling automatic updates is a practical approach to keeping systems and applications up to date.
Not all hardware or software have automatic update options, and not all vendors provide security updates for their products. We recommend that your organization replaces unsupported products if possible. If your organization continues to use unsupported products, you should create a plan to manually update or somehow isolate the product from the rest of your organization’s information systems and assets.
Patching can have unexpected outcomes. For example, an update can accidentally prevent an application or device from working. Unfortunately, these examples are more common than you think. We recommend testing patches before applying them. Your organization should also consider operating a full vulnerability and patch management solution. While this approach is more expensive, it can reduce the risks from patching too quickly or not quickly enough.
Recommendations for your organization:
- Enable automatic patching for all software and hardware
- Replace unsupported software and hardware
- Consider implementing a full vulnerability and patch management solution