Patch Management Isn’t Just a Security Issue. It’s a Business Issue.
At the same time, IT still has its to-do list. And one of the most important items on it is patch management.
When I talked about the four critical elements of a best-in-class patch management strategy, I focused on the role patch management plays in ensuring security. However, that takes for granted that everyone values software security in the first place. In this article I wanted to look at the business risks a company faces when it falls behind on patch management.
The first and perhaps largest impact of insecure software is on operations. Think about what your day would look like if ransomware took over your laptop. According to a report by SentinelOne, it takes companies an average of 33 employee hours to replace data that’s been encrypted by a ransomware attack with back-up data. If you think being without your computer for 2-4 days would be frustrating, imagine what would happen if every single computer on your network went offline for half a week.
Once you’re up and running the real work of remediation begins. According to a SANS report on the post-breach impact of cyber attacks, the remediation process took 23% of companies up to a month to fully remediate breaches, with another 23% taking 1-3 months. An additional 38% took 3 months or longer to fully remediate their breaches. Remediation costs for external consulting services ranged from $1,000 to more than $100M, depending on the nature and complexity of the breach.
Litigation and Fines
The damage can continue long after systems are restored. Allscripts Healthcare Solutions was recently sued by customers over disrupted services and lost patient data after a ransomware attack took down the medical records and scheduling service. While one of the first suits of its kind, in our litigious society you can be sure more will follow. Even if you’re not sued, expensive lawyers and large payments will be required to navigate and settle regulatory proceedings, fines and penalties.
According to a study by the Ponemon Institute and identity management firm Centrify, more than 75% of marketers believe a cyber security breach is a threat to a firm’s brand value, outranking CEO scandals, product recalls and environmental disasters. Think about Equifax–for a company that asks people to trust it with their most sensitive data, a massive cyber attack was the worst thing that could happen to their brand. Even a low-profile attack can make current and future customers wary of trusting your company.
While your company can survive a cyber attack, your career might not. IT staff at every level will be held responsible for a damaging, preventable attack that happens on their watch. And it’s not just an IT manager, CIO or Chief Security Officer whose heads will roll. CEOs and even board members are now expected to make cybersecurity a business priority. The CEOs at Target, Sony, FACC and Equifax all lost their jobs in the wake of massive data breaches.
When you add it up, the answer is clear. Effective patch management, as part of a holistic view of technology security, is more than just an IT investment. It’s an investment in your business, your brand and even your future employment.
Related Blog Posts
As the Enterprise Video Strategy Manager for Kollective in EMEA, I help our customers reach video success. I get the opportunity to engage with all the people involved in producing live events; whether they are speakers, owners, part of in-house production or hired...read more
A little over a year ago, deep down in the Kollective labs, we set off on a journey. A journey to add additional use cases to our world leading, cloud based, network optimised peering solution for enterprises. Another massive event happened around the same time – my...read more
Over the years, Kollective’s customers have been driving innovation in content strategy. Building upon the basics of executive messaging and training, companies have launched regular programs that deliver company information, co-workers doing great things in their...read more