Penelope Feros, APAC Vice President – Employee Experience Management at Ivanti, reports on Patch Tuesday.
Patch Tuesday refers to the second Tuesday of each month, when Microsoft, Adobe, Oracle and others release new security-related patches for their software. If you’re a Windows user, you are probably familiar with this concept from the notifications you receive asking you to install updates and restart your computer. The process of patching allows for vulnerabilities and errors to be rectified, in the same way keeping mobile applications updated helps prevent security breaches. Understanding such newly identified vulnerabilities enables companies to assess the issues and mitigate associated risks, as attackers often exploit out-of-date systems.
Patch Tuesday vulnerabilities are segmented into four categories: critical, important, moderate and low. These categories reflect the vulnerability’s risk and potential impact if exploited. Critical vulnerabilities can allow code execution without user interaction, while important vulnerabilities usually involve some sort of prompt and can lead to data being compromised if exploited. In contrast, the impact of moderate and low vulnerabilities is significantly lower and immediate patching is less important.
Occasionally, if there is a really critical vulnerability, there will be ‘out-of-band’ updates published during other times of the month. However, since 2003, most patches have been gathered into one update on Patch Tuesday or ‘Update Tuesday’ – making the process more time-efficient and predictable.
In Q1 2022, there was a 7.6 per cent increase in vulnerabilities tied to ransomware, highlighting the importance of cybersecurity. To protect businesses against attacks, it is vital that software is kept up to date and secure.
Challenges of patching
Unfortunately, it is nearly impossible to patch all vulnerabilities within a reasonable timescale due to the increasing complexity of the cybersecurity environment. This issue is exacerbated by the technology talent shortage, making it incredibly challenging for businesses to hire enough qualified people to conduct patching. Without automation and prioritisation, patching is an extremely labour-intensive and mundane task, as security teams need to proactively find and apply patches. This is followed by a lengthy process of testing the patch, resolving failed patches, and coordinating with other departments to conduct updates. It is no surprise that 71 per cent of IT and security professionals find patching ‘overly complex and time-consuming’.
Easing the patching experience
At a time when talent retention has never been more important, it’s good to know that there are steps that businesses can take to improve the employee experience. Implementing a risk-based patch management solution from a specialist provider, such as Ivanti, can significantly improve the patching experience by helping IT professionals identify vulnerabilities and prioritise remediation, enabling them to focus their efforts on what matters most. Automated patching can also distribute thoroughly tested patches to thousands of machines in minutes, greatly improving work efficiency.
Ivanti’s recent Digital Employee Experience Report indicated that 49 per cent of IT professionals in Australia find the digital tools and environment provided by their organisation frustrating, and 29 per cent have even quit one or more jobs partly due to the apps and tech tools they had to use. This highlights the importance of ensuring employees are well-equipped with tools that help, rather than hinder, their work experience, particularly when addressing issues as vital as cybersecurity.