In theory, anyone who depends on software should patch a vulnerability as quickly as possible. That goes for consumers as well as enterprises. In hindsight, Equifax would likely agree. The major breach of 2017 was, in part, the result of a failure to patch in a timely manner, writes security thought leader Kevin E. Green. But there are many reasons why patching doesn't happen quickly. Or at all.
According to the "2019 Vulnerability and Threat Trends Research Report," published by Skybox Security, part of the problem is security teams are overwhelmed by the number of new vulnerabilities — 16,000 were reported last year — making patching rather unmanageable. Some organizations can't patch quickly because the risk of downtime far surpasses that of the vulnerability. Still others don't have a patching policy in place that identifies who is responsible for patching what and when.
"When you consider that [quality assurance] testing should take place before a patch is rolled out, and that many organizations have to work around defined 'downtime windows,' it becomes clear that every organization, every day of the year, is vulnerable to known attack vectors," says Bob Noel, VP of strategic relationships for Plixer.
So how can security teams make patching a smoother process? Here are five ways.
Image Source: MyCreative via Adobe Stock