Patch Management Isn’t Just a Security Issue. It’s a Business Issue.
At the same time, IT still has its to-do list. And one of the most important items on it is patch management.
When I talked about the four critical elements of a best-in-class patch management strategy, I focused on the role patch management plays in ensuring security. However, that takes for granted that everyone values software security in the first place. In this article I wanted to look at the business risks a company faces when it falls behind on patch management.
The first and perhaps largest impact of insecure software is on operations. Think about what your day would look like if ransomware took over your laptop. According to a report by SentinelOne, it takes companies an average of 33 employee hours to replace data that’s been encrypted by a ransomware attack with back-up data. If you think being without your computer for 2-4 days would be frustrating, imagine what would happen if every single computer on your network went offline for half a week.
Once you’re up and running the real work of remediation begins. According to a SANS report on the post-breach impact of cyber attacks, the remediation process took 23% of companies up to a month to fully remediate breaches, with another 23% taking 1-3 months. An additional 38% took 3 months or longer to fully remediate their breaches. Remediation costs for external consulting services ranged from $1,000 to more than $100M, depending on the nature and complexity of the breach.
Litigation and Fines
The damage can continue long after systems are restored. Allscripts Healthcare Solutions was recently sued by customers over disrupted services and lost patient data after a ransomware attack took down the medical records and scheduling service. While one of the first suits of its kind, in our litigious society you can be sure more will follow. Even if you’re not sued, expensive lawyers and large payments will be required to navigate and settle regulatory proceedings, fines and penalties.
According to a study by the Ponemon Institute and identity management firm Centrify, more than 75% of marketers believe a cyber security breach is a threat to a firm’s brand value, outranking CEO scandals, product recalls and environmental disasters. Think about Equifax–for a company that asks people to trust it with their most sensitive data, a massive cyber attack was the worst thing that could happen to their brand. Even a low-profile attack can make current and future customers wary of trusting your company.
While your company can survive a cyber attack, your career might not. IT staff at every level will be held responsible for a damaging, preventable attack that happens on their watch. And it’s not just an IT manager, CIO or Chief Security Officer whose heads will roll. CEOs and even board members are now expected to make cybersecurity a business priority. The CEOs at Target, Sony, FACC and Equifax all lost their jobs in the wake of massive data breaches.
When you add it up, the answer is clear. Effective patch management, as part of a holistic view of technology security, is more than just an IT investment. It’s an investment in your business, your brand and even your future employment.
Related Blog Posts
Over the course of my career in streaming events, I have seen a lot. I have done webcasts in some of the smallest offices, on factory floors, as well as some of the biggest convention centers and hotel ballrooms in the world. I have even conducted a live...read more
When I was a Kollective customer at one of the largest banks in America, I developed an Online Video Team to manage on Demand publishing and live event streaming. Today, that team is an integral part of the planning and execution of hundreds live video events. These...read more
Hopefully everyone is aware that Microsoft will be ending support for Windows 7 in 2020. There are many blog articles and press releases pushing this point. Organizations have had a couple years of extended support, thus paying additional fees to Microsoft for...read more