Patching is nothing new. It is an IT responsibility and something that has not concerned the rest of the business. We have always known we need to do it, as well as the possible consequences of not doing it. But then what are the chances that something is going to happen? For most, it comes down to prioritization based on risk and exposure. Up until recently, the risk seemed fairly low compared with some of the other tasks IT has on its plate.
Then came WannaCry, our wake-up call to get our act together with patching. WannaCry reached 150 countries and 200,000 systems, according to Europol. It has generated vast media coverage, which told business leaders that patching software is something they should be concerned about.
Patching endpoints, servers, or third-party applications is typically not the top thing on our minds, although it is always in the back of our minds. Without automation, it can be a tedious job and easily pushed to the bottom of the to-do list. But I’d be willing to bet we all have a renewed interest in patching our systems, since we have been reminded of the doors it can leave open to cyber-criminals.
Beyond the recent scare with WannaCry, there are other good reasons to make sure we are patching regularly. Below are just a few to consider.
Maintenance equals prevention. This is true for a lot of things—cars, homes, even our bodies. Patching is just one way we can maintain our IT systems’ health. The key is to make sure this is a scheduled activity that can’t be bounced from the calendar. That means giving it high priority, especially during quiet times.
Leaving the door open. Software vulnerabilities are the equivalent of a house left open, with lights on and no one home, which welcomes a robber. It is an invitation for cyber-criminals to come in and make themselves at home. This has always been the number one reason to make sure patching is done. WannaCry was the wake-up call. Expect many similar threats to follow.
Impact on business. We mentioned before that patching is an IT thing. But the consequences of not patching can be business disruption. It is important for business leaders to understand what patching is, as well as the investment in time and resources that is required to get it done. Explain it in a way they will understand. A simple way to do that is to utilize a cost-of-downtime tool, such as Datto’s RTO tool, which lets you easily calculate the cost of unavailable business systems.
Your network is flexible. Let’s face it, your network has expanded due to the flexibility that your users have been given. Most companies allow for access to corporate data outside the physical walls. This means your network is expanded to places you didn’t even know existed. That being the case, how can you overlook something so simple as patching, which can help protect your expanded network?
There are a lot of good reasons to do patching, but the most important question to ask yourself is: Can you afford to not do patch management? There are many ways to get this done, but it requires you to stop procrastinating and move it to the top of the list. Outsourcing patch management is a good option for companies that have resource constraints. The cost is far less than hiring more resources, and outsourcing comes with service-level agreements that assure you the job is getting done. Either way, do it yourself or have someone do it for you. It’s time to re-prioritize patching.