Organizations must maintain a strong foundation as the cybersecurity landscape continues to evolve. Did you know that over twenty years ago Microsoft started implementing Patch Tuesdays? While patches and software updates used to serve as an IT requirement, cyberattacks such as WannaCry elevated them to a security requirement. Software updates and security patches are a critical component of a strong defense against cyber threats. If you do not properly update and patch your software, attackers can exploit the unresolved security vulnerabilities. Today, it’s Patch Tuesday and tomorrow is Exploit Wednesday.
Recently, Veritas released a cyber recovery checklist to help guide organizations in creating a cyber recovery plan. One of the foundational requirements of this guide is updating software and applying security patches. This step should be done within the first 30 days of creating the organization’s cyber recovery plan, because running software that is not up to date and fully patched can be an invitation to cybercriminals. As Caroline Wong, Chief Strategy Officer of Cobalt.io, states in the book Back to Basics: Focusing on the Fundamentals to Boost Cybersecurity and Resilience, "We must fix security issues. It's not good enough to just focus on finding security issues - the quality of software and data protection does not improve until problems are addressed and eliminated."
Patch Tuesday is quickly followed by Exploit Wednesday for organizations that have yet to make a plan. Threat actors have become highly skilled at acting swiftly. Delaying the implementation of a patch creates an unintentional opening for a cyber threat. With the security vulnerabilities now publicly available from Patch Tuesday, the opportunity to take advantage of unpatched machines is irresistible to a hacker. In April 2024, on Patch Tuesday, Microsoft released 149 CVEs (Common Vulnerabilities and Exposures). That was one month of patches. Imagine how vulnerable an organization would be if it delayed implementing 149 patches – from just one month.
The impact of missing Patch Tuesday is insurmountable. Here are my 5 recommendations on how to stay on top of updates and patches.
Deploying security patches and software updates is imperative for everyone across the organization today. Out-of-date software has several implications, including allowing attackers to exploit unmitigated security vulnerabilities. Ignored software and security updates can build up, and while applying them may seem time consuming in the moment, it isn’t more time consuming than a cyber-attack. Make a plan today to implement security updates and stick to it.
Listen in to our Veritas L!VE episode to hear more on this topic from myself and Caroline Wong.
Learn what else you can do to defend against cyberattacks and be cyber resilient.