One of the oft-cited benefits of cloud computing is that software maintenance and updates are all taken care of by the vendor. It’s their job to release things like critical security fixes as soon as possible. What they can’t be expected to do, however, is keep your own software systems up to date. In other words, if the device you’re using to access a cloud service is left exposed, the service itself may also be at risk.
As businesses reduce their reliance on in-house computing resources in favor of the cloud, it can be easy to overlook the importance of software updates and patch management. Despite this, there’s still a lot of client-side software even in the most cloud-centric environments, such as operating systems, firmware, and web browsers.
The human element plays a large role in cybersecurity, without which technical measures are largely irrelevant. Among these measures is the need to keep all software up to date. Too often, people ignore or postpone the reminders, which admittedly tend to come at inconvenient times, until something bad happens.
Especially in more complex software, such as operating systems, many security vulnerabilities only come to light after the software is released. Reputable software vendors tend to fix these vulnerabilities as soon as possible once they’ve been discovered – hopefully before anyone has a chance to exploit them. If the vulnerability requires a more complicated solution, vendors might instead release a temporary fix to mitigate it, or even disable the problematic feature for a time. This might sound inconvenient, but it’s vital for preventing malware and other attacks from targeting those vulnerabilities.
There’s also the issue of unsupported software. All software vendors have limited resources, which is why they only support more recent editions of their products. For example, Microsoft stopped mainstream support for Windows 8.1 on January 9, 2018. Once software reaches the end of its lifecycle, the vendor will stop releasing updates for it, including critical security fixes. In the case of Windows, many organizations that were still using Windows XP during the 2017 WannaCry ransomware attack found out the hard way, since the deprecated operating system was a top target for hackers.
Unless otherwise noted by your Managed Services Provider, it’s important to install all critical security updates as soon as they’re available. This includes not only desktop operating systems and software, but updates for mobile devices and IoT devices as well. Even small, embedded devices, such as smart thermostats and connected door locks use their own trimmed-down operating systems known as firmware. Any vulnerabilities found in such firmware can also be exploited, potentially giving an attacker access to your broader network. That’s exactly how hackers managed to break into the high roller database in a Las Vegas Casino. Rather than targeting the database directly, they hit an internet-connected fish tank that was connected to the same network.
In addition to keeping all software up to date, you should also be wary of using any devices or software that’s reached the end of its support lifecycle or doesn’t meet current cybersecurity standards. For example, older network routers and range extenders may not have sufficient protective measures in place, and it might not be possible to fix them with software updates alone. Such devices and software should be retired as soon as possible.
If, for whatever reason, you still need to use an obsolete operating system or other software, you should only do so in a completely isolated environment. In other words, any vulnerable or unsupported endpoints should be disconnected from your network.
With a robust endpoint management solution, SeedSpark can automate all important software updates and know exactly which systems have reached the end of their support lifecycles. We'll let you know when to isolate or retire them before any vulnerabilities might be exploited, always keeping your data safe and secure.
SeedSpark is proud to support our clients with industry-leading tools and knowledge that help protect their networks. By building a complete cybersecurity strategy, we ensure that businesses of every size have the enterprise-level cybersecurity needed to protect their data in today's ever-changing cybersecurity landscape. Get in touch today to get the proactive IT support you need to succeed.