Patch Management Isn’t Just a Security Issue. It’s a Business Issue.
At the same time, IT still has its to-do list. And one of the most important items on it is patch management.
When I talked about the four critical elements of a best-in-class patch management strategy, I focused on the role patch management plays in ensuring security. However, that takes for granted that everyone values software security in the first place. In this article I wanted to look at the business risks a company faces when it falls behind on patch management.
The first and perhaps largest impact of insecure software is on operations. Think about what your day would look like if ransomware took over your laptop. According to a report by SentinelOne, it takes companies an average of 33 employee hours to replace data that’s been encrypted by a ransomware attack with back-up data. If you think being without your computer for 2-4 days would be frustrating, imagine what would happen if every single computer on your network went offline for half a week.
Once you’re up and running the real work of remediation begins. According to a SANS report on the post-breach impact of cyber attacks, the remediation process took 23% of companies up to a month to fully remediate breaches, with another 23% taking 1-3 months. An additional 38% took 3 months or longer to fully remediate their breaches. Remediation costs for external consulting services ranged from $1,000 to more than $100M, depending on the nature and complexity of the breach.
Litigation and Fines
The damage can continue long after systems are restored. Allscripts Healthcare Solutions was recently sued by customers over disrupted services and lost patient data after a ransomware attack took down the medical records and scheduling service. While one of the first suits of its kind, in our litigious society you can be sure more will follow. Even if you’re not sued, expensive lawyers and large payments will be required to navigate and settle regulatory proceedings, fines and penalties.
According to a study by the Ponemon Institute and identity management firm Centrify, more than 75% of marketers believe a cyber security breach is a threat to a firm’s brand value, outranking CEO scandals, product recalls and environmental disasters. Think about Equifax–for a company that asks people to trust it with their most sensitive data, a massive cyber attack was the worst thing that could happen to their brand. Even a low-profile attack can make current and future customers wary of trusting your company.
While your company can survive a cyber attack, your career might not. IT staff at every level will be held responsible for a damaging, preventable attack that happens on their watch. And it’s not just an IT manager, CIO or Chief Security Officer whose heads will roll. CEOs and even board members are now expected to make cybersecurity a business priority. The CEOs at Target, Sony, FACC and Equifax all lost their jobs in the wake of massive data breaches.
When you add it up, the answer is clear. Effective patch management, as part of a holistic view of technology security, is more than just an IT investment. It’s an investment in your business, your brand and even your future employment.
Related Blog Posts
Delivering video securely and to scale across the enterprise is a challenging task. There are countless new security and privacy risks to be conscious of, as well as ever-evolving technologies and systems to keep up to date with. In an industry where we are faced...read more
When we talk about digital transformation, we often talk about the corporate leaders who are leading their companies into a brighter digital future. IT is merely seen as the people who are charged with executing the plan (and the people who will take all the blame if...read more
When your live video initiatives suffer setbacks—whether from hardware trouble, livestream problems or lack of resources—regaining the trust of employees and executives can be a challenge. But given all the benefits that video offers organizations, it’s an effort...read more