Security Patches for Your Business – And Why Ignoring Them Could Be a Costly Mistake
Everyone loves upgrades and new features when it comes to software. After all, if the software in question can still do everything you need it to do, there is no harm in it doing even more. However, the vast majority of patches are security-related, and, in most cases, they are impossible to ignore.
A 2016 study found that 80% of companies that had suffered a data breach or otherwise failed an audit could have avoided any adverse effects by patching their systems more promptly. Meanwhile, an estimated 18% of network-level vulnerabilities are due to unpatched apps.
What Are Zero-Day Vulnerabilities and Why Are They on the Rise?
A zero-day vulnerability is an unintentional flaw or weak link in software or an operating system. The term ‘zero-day’ refers to the fact that software providers have only recently become aware of the flaw. They effectively have ‘zero days’ in which to get it fixed, which is often done by way of a patch. In all cases, the software provider knows of a zero-day vulnerability, but there is not yet a fix available for users of the software. As such, the flaw remains unpatched and vulnerable to anyone looking to exploit it.
Experts estimate that 2021 could be a year of more zero-day issues than ever before. Google itself has speculated that there could be as many as three times as many such vulnerabilities found this year as in 2020. Some of that rise is down to more stringent reporting. Zero-day patch requirements only become news when the information is made available. Both Apple and Android have recently taken to including flaws in their security bulletins, spanning the majority of the world’s mobile devices.
That too contributes to the rise in zero-day problems – they can affect mobile devices just as much as desktops and laptops. With more phones and tablets in the world than ever before and thousands of apps from amateurs and professionals alike, a rise in code flaws was always likely.
Hackers are also getting better at exploiting vulnerabilities quickly, and their efforts increasingly focus on moving faster through systems to infect as many vulnerable devices as possible. Their attacks are also more complex and can often spread themselves rather than being directed by a human.
PrintNightmare – The Most Recent Zero-Day Vulnerability
Recent news surrounds PrintNightmare, a zero-day vulnerability related to the print queue in Windows 7. Microsoft users are no strangers to receiving patches, as the company is by far the biggest target for hackers seeking to exploit flaws. For example, of the 180 exploited deficiencies identified by Google in 2021, 94 involved Microsoft, with Adobe in a distant second with 27.
The PrintNightmare flaw was fixed in early August, with Microsoft deploying a patch to require administrative privileges for certain print functions exploited by the vulnerability.
With an average of 20 new zero-day issues arising each month in 2021 so far, it is impossible to tell what will be next, but it is a certainty that hackers are always on the lookout for the next coding issue to take advantage of.
Protecting Your Business Against Zero-Day Attacks
Attacks such as these are in many ways out of the hands of businesses: it is usually down to the software vendor to ensure that any issues with their software are fixed as quickly as possible. However, that does not mean that companies are entirely helpless, and there are some essential steps to take in keeping your operations as secure as possible:
Ensure Your Preventative Measures are Up to Date
These vulnerabilities start with a software flaw but often turn into something similar to any online attack. The same measures taken against these attacks, such as strict firewall policies, active antivirus software, and restrictions on email attachments, can all ensure you do not fall victim to a zero-day exploit.
Have a Response Plan in Place
No business is ever genuinely immune to online threats, and some of the biggest, most valuable companies have fallen foul of hackers. So, accept that things potentially can go wrong, and have a plan in place to overcome them should the worst happen. Ensure that everyone in the organization knows what to do in the event of a breach. Have people in specific roles handle data backups, business-critical tasks, and anything else that can keep you as close to business as usual as possible.
Limit the Potential Spread
With attackers focusing so heavily on attacks that replicate themselves and spread quickly, it is essential to limit the spread. Keep backups offline, and use strict access procedures so that employees can only access the parts of the corporate network they need. If and when you identify an attack, take immediate steps to isolate the devices in question. This limits the time and opportunity for the attack to spread.
Keep Software Up to Date
The nature of zero-day attacks means that there is not yet a patch available to close that particular loophole. However, a fix becoming available is not enough to deter attackers. In many cases, businesses do not use automatic updates and need to test new releases before they are deployed. That means that just because a fix is available, there are no guarantees it will be in place. So, wherever possible, when a new security patch becomes available for anything in your organization, deploy it as quickly as possible.
Patching and Remote Work
Remote work has risen significantly due to the pandemic and shows no signs of slowing down. One effect is that employees are becoming increasingly responsible for their hardware and software without as much oversight from IT teams.
If they use their own devices and software, it’s essential to educate them on the importance of patches and vulnerabilities. Make it part of your official corporate technology policy to ensure that they understand the concept of zero-day vulnerabilities and the importance of using common sense and the latest updates to keep things secure.
If they use company systems when working remotely, ensure that patches and updates are deployed as quickly as possible. Remote staff can be just as much of a weak link as anyone else when they access your systems and might be even more of a target when left unsupervised.
If managing remote systems becomes challenging and time-consuming, direct the IT team to prioritize vulnerabilities likely to have the most significant impact. For example, a zero-day patch in something remote employees only use very occasionally can be delayed in favour of one that interacts with something business-critical.
Zero-day exploits present a challenge in that they are, by definition, known about by attackers with no specific defence mechanism in place. The onus is on software developers to fix these issues as quickly as possible, hence the name, but businesses should also try to limit their exposure as best they can. This is often most straightforward on-site, but remote employees should not be ignored.
Fortunately, many of the security techniques that businesses should already have in place can limit the impact of these vulnerabilities. In addition, a combination of common sense and focus from the IT team can reduce the chances of data loss and network breaches until an official solution becomes available. Contact us to learn more!