Nearly two-thirds of organisations have failed to patch system vulnerabilities, even though fixes have been available for years
March 4, 2021

This damning indictment of lax security procedures was published in Bitdefender’s 2020 Business threat landscape report.

It revealed that an astonishing 64% of unpatched vulnerabilities that were reported in the first half of 2020 were caused by known bugs going back almost a decade.

The bottom line is that many organisations are still at risk from known flaws that were identified as long ago as 2002 and should have been fixed years ago.

In today’s increasingly dangerous cyber-environment, it’s quite simply an open door for criminals to hack their systems.

So why do organisations fail to apply patches?

The reasons why so many known Common Vulnerabilities and Exposures (CVEs) haven’t been addressed by so many organisations are up for debate.

In many instances, the most likely culprit is the fact that applying the necessary patches is a time-consuming and rather tedious task that many IT departments simply ignore.

Some organisations don’t apply security patches because they worry that the patches might disrupt the smooth running of their operational systems and, rather worryingly, would rather run the risk of a cyberattack.

Backward compatibility also plays a significant role in whether applications are patched, stemming from the fear that patching or upgrading a service or application might break compatibility with mission-critical software.

Whether it is planned or mere apathy is a moot point.

One thing is certain: unpatched vulnerabilities provide criminal elements with an open door that can be easily exploited in order to deploy cyber-attacks and malware.

Presented with such a large attack surface, threat actors across the world have been quick to make the most of the opportunities, resulting in a huge rise in malware attacks, and they show no signs of slowing down.

One single vulnerability is all an attacker needs.

If 2020 was the year of spear-phishing emails, 2021 could see unpatched vulnerabilities making the headlines.

The reality is that when organisations fail to adopt patch management protocols that examine and assess the state of every machine in their network, they leave themselves exposed to serious risk.

The threat has been reinforced by the Edgescan 2021 Vulnerability Statistics Report which clearly shows that hackers are exploiting known, unpatched vulnerabilities in order to launch attacks. It even goes as far as to list the top 5 CVEs being weaponised, their impact, and the threat actors exploiting the vulnerabilities.

Not surprisingly, this issue has been greatly aggravated by the move to remote working. This has been confirmed by security researchers at Check Point who reported that since the lockdown, malware attacks in the UK increased by 80% in the third quarter of 2020.

So how can an organisation protect itself from a long list of threats that directly target these vulnerabilities?

The key steps to protecting your mission-critical IT systems from an ever-growing threat.

At Quadris, we have years of hands-on experience of delivering expert advice on a range of IT issues, not least on how to ensure that all systems are updated, patched, and protected at all times.

In order to achieve these ends, below is a list of critical actions that we employ:

To start with, it is crucial that you are continually informed about recognised vulnerabilities and patch releases, so that you can act on them immediately. This requires a system that goes above and beyond the standard updates that software publishers release periodically.

Every organisation should have a direct line to an authoritative source that delivers comprehensive and regularly updated lists of vulnerabilities as soon as they become available.

These updates become the linchpin of a comprehensive patching policy and roll-out procedure that covers and protects every single piece of mission-critical IT infrastructure and associated digital devices.

But even a comprehensive patching policy in itself isn’t sufficient.

For a large-scale organisation, manually patching every device is an almost impossible task. You need high-quality automated tools that enable you to implement the changes at scale and at speed.

Last, but by no means least, you need a network design that gives you the resilience that allows you to test and patch without impacting the smooth running of the IT system as a whole.

For example, with a high-resilience network, instead of patching the live system, you can take a copy of a sample database and test it with known scripts to ensure the patch has no adverse effects before patching the main database.

Furthermore, this built-in resilience enables you to take snapshots as you proceed, so that you can fail back more easily should errors occur.

One of the biggest obstacles to achieving all the above is having the resources and expertise to ensure that it is all carried out to the high standards that it demands.

If it all sounds a bit overwhelming and beyond the abilities of your internal IT department, don’t worry because help is at hand.

Let Quadris secure your systems and protect your organisation.

At Quadris, we have the expertise and skills to call upon a powerful set of services that combine to protect all your IT systems. These can be seen most notably with our Managed Cloud and Infrastructure and Managed Digital Workspace solutions.

We have a vast amount of experience in developing resilient networks that can survive the rigours of the most demanding of scenarios without resulting in downtime.

We stay at the forefront of threat detection by tapping directly into the feeds of the Talos Security Intelligence and Research Group and Threat Grid. This alerts us to any potential cyber-threats that are on the horizon, before they impact your network.

We employ a range of high-quality tools to ensure that patches and updates are implemented as soon as they are available and with minimal impact on your organisation’s operations.

Finally, to ensure you always maintain full control over the security of your IT operations, we have developed EyeQ, an intelligent and intuitive customer portal that allows you to see clearly and quickly that we are delivering on everything our solution promises.

EyeQ provides you with an extensive range of reports including: proof that maintenance tests have all been completed, the status of anti-virus software, alerts to any security incidents that have taken place, the ongoing status of backups, adherence to all agreed SLAs, the number of tickets that are open and the status of all tickets, plus many additional useful features.

Perhaps most importantly, we have the people and the expertise to deliver on our promises. This includes a round-the-clock service desk that is ready to deal with any issues, staffed by professional front-line technicians and backed up by industry-leading experts. So, if a threat is detected, you can rest assured that your systems are in safe hands.

It’s time to close the door on hackers or pay the price in the future.

As hackers become more sophisticated, every organisation must respond by placing strict security protocols at the very centre of their IT systems and move as rapidly as possible toward a position of zero-trust security.

In today’s increasingly dangerous cyber space, it’s no longer a question of whether you can put a price on securing your organisation’s data, but whether you can afford not to.

To find out more about our security-focused solutions and how they can protect your mission-critical IT systems, contact Peter Grayson on 0161 537 4980 or peter.grayson@quadris.co.uk 
