Patch Management Isn’t Just a Security Issue. It’s a Business Issue.
At the same time, IT still has its to-do list. And one of the most important items on it is patch management.
When I talked about the four critical elements of a best-in-class patch management strategy, I focused on the role patch management plays in ensuring security. However, that takes for granted that everyone values software security in the first place. In this article I wanted to look at the business risks a company faces when it falls behind on patch management.
The first and perhaps largest impact of insecure software is on operations. Think about what your day would look like if ransomware took over your laptop. According to a report by SentinelOne, it takes companies an average of 33 employee hours to replace data that’s been encrypted by a ransomware attack with back-up data. If you think being without your computer for 2-4 days would be frustrating, imagine what would happen if every single computer on your network went offline for half a week.
Once you’re up and running the real work of remediation begins. According to a SANS report on the post-breach impact of cyber attacks, the remediation process took 23% of companies up to a month to fully remediate breaches, with another 23% taking 1-3 months. An additional 38% took 3 months or longer to fully remediate their breaches. Remediation costs for external consulting services ranged from $1,000 to more than $100M, depending on the nature and complexity of the breach.
Litigation and Fines
The damage can continue long after systems are restored. Allscripts Healthcare Solutions was recently sued by customers over disrupted services and lost patient data after a ransomware attack took down the medical records and scheduling service. While one of the first suits of its kind, in our litigious society you can be sure more will follow. Even if you’re not sued, expensive lawyers and large payments will be required to navigate and settle regulatory proceedings, fines and penalties.
According to a study by the Ponemon Institute and identity management firm Centrify, more than 75% of marketers believe a cyber security breach is a threat to a firm’s brand value, outranking CEO scandals, product recalls and environmental disasters. Think about Equifax–for a company that asks people to trust it with their most sensitive data, a massive cyber attack was the worst thing that could happen to their brand. Even a low-profile attack can make current and future customers wary of trusting your company.
While your company can survive a cyber attack, your career might not. IT staff at every level will be held responsible for a damaging, preventable attack that happens on their watch. And it’s not just an IT manager, CIO or Chief Security Officer whose heads will roll. CEOs and even board members are now expected to make cybersecurity a business priority. The CEOs at Target, Sony, FACC and Equifax all lost their jobs in the wake of massive data breaches.
When you add it up, the answer is clear. Effective patch management, as part of a holistic view of technology security, is more than just an IT investment. It’s an investment in your business, your brand and even your future employment.
Related Blog Posts
IoT. Cyber security. Cloud apps. Live video. Big Data. Mobile. Everywhere you look, digital transformation is impacting the way enterprises are doing business. However, for many enterprises digital transformation is further down road than in the rear view mirror....read more
Enterprise Connect is an annual expert-led conference covering the latest systems, software, services, and applications for enterprise communications and collaboration. At the show, our team noticed a couple of themes worth sharing. Theme 1: Technology should be...read more
We started mapping our video journey with our four lanes, all going in the same direction towards the establishment of a Video Center of Excellence for your company. You may have heard me say “Content is King, and Delivery is Queen”. (Ask around, I say it a LOT)....read more