Patch Management Isn’t Just a Security Issue. It’s a Business Issue.
At the same time, IT still has its to-do list. And one of the most important items on it is patch management.
When I talked about the four critical elements of a best-in-class patch management strategy, I focused on the role patch management plays in ensuring security. However, that takes for granted that everyone values software security in the first place. In this article I wanted to look at the business risks a company faces when it falls behind on patch management.
The first and perhaps largest impact of insecure software is on operations. Think about what your day would look like if ransomware took over your laptop. According to a report by SentinelOne, it takes companies an average of 33 employee hours to replace data that’s been encrypted by a ransomware attack with back-up data. If you think being without your computer for 2-4 days would be frustrating, imagine what would happen if every single computer on your network went offline for half a week.
Once you’re up and running the real work of remediation begins. According to a SANS report on the post-breach impact of cyber attacks, the remediation process took 23% of companies up to a month to fully remediate breaches, with another 23% taking 1-3 months. An additional 38% took 3 months or longer to fully remediate their breaches. Remediation costs for external consulting services ranged from $1,000 to more than $100M, depending on the nature and complexity of the breach.
Litigation and Fines
The damage can continue long after systems are restored. Allscripts Healthcare Solutions was recently sued by customers over disrupted services and lost patient data after a ransomware attack took down the medical records and scheduling service. While one of the first suits of its kind, in our litigious society you can be sure more will follow. Even if you’re not sued, expensive lawyers and large payments will be required to navigate and settle regulatory proceedings, fines and penalties.
According to a study by the Ponemon Institute and identity management firm Centrify, more than 75% of marketers believe a cyber security breach is a threat to a firm’s brand value, outranking CEO scandals, product recalls and environmental disasters. Think about Equifax–for a company that asks people to trust it with their most sensitive data, a massive cyber attack was the worst thing that could happen to their brand. Even a low-profile attack can make current and future customers wary of trusting your company.
While your company can survive a cyber attack, your career might not. IT staff at every level will be held responsible for a damaging, preventable attack that happens on their watch. And it’s not just an IT manager, CIO or Chief Security Officer whose heads will roll. CEOs and even board members are now expected to make cybersecurity a business priority. The CEOs at Target, Sony, FACC and Equifax all lost their jobs in the wake of massive data breaches.
When you add it up, the answer is clear. Effective patch management, as part of a holistic view of technology security, is more than just an IT investment. It’s an investment in your business, your brand and even your future employment.
Related Blog Posts
Why has video broadcasting become one of the most vital tools for any large-scale enterprise? It comes down to three key benefits that can boost how a business connects with its own employees: Culture, Engagement and Productivity. An astounding 50% of the global...read more
A few colleagues and I have some long running jokes, thanks in large part to Dilbert and The Office, where we slip borderline meaningless business phrases into our stand-ups and backlog grooming sessions. Shout out to the agile teams out there! We slyly talk...read more
As Satya Nadella prepared to take the stage last Wednesday morning at Microsoft Inspire, the tens of thousands of Microsoft partners and employees packed tightly inside the T-Mobile arena sat in anticipation of a Corenote speech from the man credited not only with the...read more