The Easy (and Free) Cybersecurity Measure You’re Not Using
On May 12, 2017, the WannaCry cyberattack was unleashed upon the world, infecting hundreds of thousands of computers in more than 150 countries. About one month later, the NotPetya cyberattack used the same vulnerability exploited by WannaCry to infect thousands more. Among the hardest hit was shipping giant Maersk, which had to reinstall 4,000 servers, 45,000 PCs, and 2,500 applications with losses of up to $300 million due to business interruption.
Both attacks exploited a vulnerability in older Windows operating systems for which Microsoft had issued a patch on…March 14, 2017—nearly two months before the attacks began.
Software manufacturers report that somewhere between a quarter and a third of people do not routinely update their devices and software. There are many reasons why businesses might neglect to install software and hardware (firmware) patches and updates: sometimes it’s a compatibility issue where a software application won’t work properly with the updated operating system; sometimes updates require users to enter license or registration keys that they no longer have; some have had a bad experience with an update in the past; and some simply believe it’s not important to update or that the update is merely a marketing ploy.
As WannaCry and NotPetya demonstrated, updates are crucial to good computer security. Just about every software and operating system update contains security patches for what we call “known vulnerabilities,” that is, security vulnerabilities that have been discovered, either by researchers or by criminals, and that leave your system open to a potential data breach. For example, Windows 7, the most popular operating system in the world, currently has 1,037 known vulnerabilities. Theoretically, that’s 1,037 ways a cybercriminal can access your computer and systems without you knowing.
Patches and updates generally cost nothing but are a vital part of maintaining a more secure system. A robust cybersecurity program will prioritize updates and include a process for ensuring all software and hardware are updated regularly, preferably automatically when possible. And this means every application; the 2017 Equifax breach that affected roughly 143 million consumers was caused by a known vulnerability in a small, esoteric software program used to create web applications.
If you’re not sure if a particular piece of hardware or software is up to date, visit the support page of the manufacturer’s website. It should have the latest updates available for download as well as instructions for maintaining updates. It’s a quick win for your cybersecurity posture.