You can read the first part of this series here.
A recent paper from the Center for Strategic and International Studies contains some striking cyber security statistics: more than 90% of successful corporate network breaches required only the most basic techniques, and 75% of them exploited known vulnerabilities in commercial software. In short, hacking is easy because computer systems have widely known vulnerabilities that anyone with basic computing skills and access to the internet can exploit.
Why updating your software is so important
Research from the DOD Defence Signals Directorate has established that just four mitigation strategies can prevent more than 85% of attacks. These strategies are:
- Implementation of application whitelisting
- Effective Operating System patching
- Effective software application updates
- Restriction of administrative privileges
Note that two out of the four mitigation strategies are about updating the software that is already installed on computer systems.
Operating System patches are issued by the vendor when a software defect has been fixed. Patches are generally classified to indicate the severity and impact of the problem they resolve. Rather than issue them individually, most vendors collect their patches into periodic updates to their Operating Systems.
Using patch classification to prioritize the deployment of security patches is vital, since hackers start exploiting new vulnerabilities as soon as they become known. From the moment a security fix is available, the clock is ticking…
Keeping desktop applications up to date is as important as patching the underlying Operating System. The difference lies in how updates are packaged and delivered, with less distinction made between the type of fix and its severity. In terms of deployment, some applications include a self-update feature while others rely on the end user or on systems management tools.
Reasons why patching is incomplete
Large organizations typically automate the task of software deployment using management tools such as Microsoft System Center. This should result in updates being deployed to all devices in a timely manner; however, there are still reasons why this fails, for example:
- Devices are switched off at the time of the update
- End-user intervention is required such as a reboot
- Software must be deployed over slow network links or to remote users
- The computer system is considered business critical and therefore updates must go through an approval process
These issues can be solved using modern systems management tools such as Nomad and NightWatchman; however, the challenge for most organizations is that the problem is hidden. Why not benchmark your organization to find out how you are doing?
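As an added illustration of the two points above, prioritizing patches by vendor classification and benchmarking why deployments stall, here is a small Python script that is not from the article or from any 1E product. It assumes an example per-severity deadline policy (SLA_DAYS) and runs over a constructed inventory of patches and device states.

```python
from dataclasses import dataclass
from datetime import date
# Assumed deployment deadline (days after vendor release) per severity class;
# an example policy, not a figure from the article.
SLA_DAYS = {"Critical": 7, "Important": 30, "Moderate": 90, "Low": 180}
SEVERITY_RANK = {sev: rank for rank, sev in enumerate(SLA_DAYS)}

@dataclass(frozen=True)
class Patch:
    id: str        # vendor patch identifier (constructed values below)
    severity: str  # vendor classification, one of the SLA_DAYS keys
    released: date

def overdue_patches(patches, today):
    """Patches past their SLA, most urgent first: severity, then days overdue."""
    aged = [(p, (today - p.released).days - SLA_DAYS[p.severity]) for p in patches]
    overdue = [(p, late) for p, late in aged if late > 0]
    overdue.sort(key=lambda item: (SEVERITY_RANK[item[0].severity], -item[1]))
    return overdue

def benchmark(patches, status, today):
    """Share of devices with every overdue patch installed, plus a tally of why
    the rest stalled. status maps device -> {patch id -> state}; a patch absent
    from a device's record counts as 'missing' (inventory never reported it)."""
    due = [p for p, _ in overdue_patches(patches, today)]
    if not due or not status:
        return 1.0, {}
    compliant, reasons = 0, {}
    for states in status.values():
        stalled = [states.get(p.id, "missing") for p in due
                   if states.get(p.id, "missing") != "installed"]
        compliant += not stalled
        for state in stalled:
            reasons[state] = reasons.get(state, 0) + 1
    return compliant / len(status), reasons

# Constructed sample inventory: four patches, four devices, as of TODAY.
TODAY = date(2013, 2, 15)
PATCHES = [
    Patch("KB-A", "Critical", date(2013, 1, 1)),
    Patch("KB-B", "Important", date(2013, 1, 1)),
    Patch("KB-C", "Low", date(2013, 1, 25)),
    Patch("KB-D", "Critical", date(2013, 1, 20)),
]
STATUS = {
    "pc1": {"KB-A": "installed", "KB-B": "installed", "KB-D": "installed"},
    "pc2": {"KB-A": "installed", "KB-B": "installed", "KB-D": "reboot_pending"},
    "laptop3": {"KB-A": "offline", "KB-D": "offline"},  # switched off; KB-B never reported
    "server4": {"KB-A": "installed", "KB-B": "awaiting_approval", "KB-D": "awaiting_approval"},
}
```

Running `overdue_patches(PATCHES, TODAY)` lists the two Critical patches ahead of the Important one, and `benchmark(PATCHES, STATUS, TODAY)` reports a 25% compliance rate with the stalled deployments broken down by cause.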
In my next article I will look at the final mitigation strategy – restricting administrative privileges.