Feb 08 2015

Remember To Cover The Basics

It may seem obvious. It may be old hat. But it’s always worth repeating, especially in light of a recent Cisco study that reveals that many IT teams fail to take even basic security steps.

And what are those most basic of steps? Things like taking the time to apply critical patches when released, or maintaining up-to-date code levels. By being lax in these extremely obvious and supposedly routine procedures, an organization can be left open to major vulnerabilities for no good reason.

A perfect example of an incident that warrants rapid patching is the Heartbleed bug. With that vulnerability, vendors were quick to respond with the appropriate patches, but unless your company was equally swift in applying the necessary fixes, your assets remained exposed.

It is strongly recommended that an organization establish and maintain processes and procedures both for checking all systems for patches and updates and for applying those patches effectively. Nowadays, many vendors send automated support emails to inform customers of a new patch or version, which helps your team keep on top of the update cycles.

In addition, it’s worth considering having your network scanned, either by internal or external resources. Doing this periodically will help verify that all systems are being patched and nothing is overlooked. By engaging a reputable firm to handle the auditing, or even pen testing, you allow your organization to receive valuable feedback relevant to the security of your network and all the systems on it. If there are software issues or vulnerabilities, odds are a penetration tester will find them during the scanning process and will be able to offer remediation steps.

Sometimes, no matter the defensive measures you put in place, systems will be breached. But many other times, breaches come about because someone failed to patch a long-known vulnerability. By following basic rules about timely patching, you can help ensure your systems don’t present themselves as an easy target.