Few things are as frustrating as when you are busy and a window pops up telling you, “There is an update available, would you like to install this?” In a rush, you click ‘cancel’ or ‘remind me later’.
As the day progresses you forget about that update and continue as usual. This does not only happen to you but also to some System & IT administrators. With all of these frequent updates, it may feel overwhelming with a sense of dismay that one will not get up to date.
Unfortunately, this is where hackers get their way into your machine and servers. Unpatched machines tend to have more flaws; these flaws are generally known as vulnerabilities:
- Mozilla Firefox (CVE-2019-11707)
- VLC (CVE-2019-5439)
- Adobe Flash (CVE-2019-7845)
- Microsoft Products (https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573)
- Google Chrome (CVE-2019-5837, CVE-2019-5836, CVE-5834 etc.)
- Google Android (CVE-2019-2259, CVE-2019-2255, CVE-2019-2043 etc.)
- MacOS (CVE-2019-6234, CVE-2019-6231, CVE-2019-6230 etc.)
Most of these updates are not just there to add more features but also to provide better security and patch these critical flaws as they are discovered. Updating does not only protect you but also those you are in contact with. A compromised machine can infect other machines on the same network, it can infect contacts that you frequently contact via Email, instant messaging and even Remote Desktop Sessions.
On 7 September 2017 Equifax, in the US, stated that they were breached. The company did not disclose the breach for six weeks. This breach included over 148 million people and could have been prevented by a single update that was released two months prior to the breach. There is a valuable lesson there.
Locally in South Africa, we have not been left in peace either; Liberty Life, Sterk Kinekor and Master Deeds are to name but three local companies that we know who have recently been breached. It only takes one employee to open a door for malware that can cause serious damage to your company. South Africa is a perfect target for hackers since many SMEs do not have the basic security procedures in place.
By not updating the software and frameworks to save a bit of time can cost you much more than waiting for those critical updates to complete. This is the one point we all have to focus on in order to improve our overall security standing globally. The number of tools currently available to assist with updating machines and checking for known vulnerabilities is readily available.