Additional security for risky memes and games
There are many reasons to delay software patches, including the need to test them for flaws, the fact that a patch may make the patched software incompatible with other software and applications, and the fact that this incompatibility may break a vital app that serves the needs of your core business. However, you need to weigh these risks against the risks of malware entering through unpatched vulnerabilities.
If you can automate testing for patched software in a sandbox and then schedule it for limited production use on a certain set of servers before fully deploying it, you can establish a routine, relatively swift patching program that closes those holes while maintaining the integrity of the production environment. If a patch does break a critical application, you will have to weigh the opportunity cost of updating the application, and perhaps software with dependencies, against the likelihood and severity of the security threat from the unpatched hole.
Hardening endpoints costs only the time and effort it takes to set the configurations that do so. “Aggressive patching and hardening of these machines goes a long way toward reducing the risk of infections that can provide attackers with a foothold into the organization,” says Casesa.
All the technology in the world won’t stop malware from waltzing into your company if employees do not willingly make themselves extensions of the security team. By using ever more positive, rewarding programs to draw employees into the security battle, you can begin to keep them from being extensions of an attacker’s team instead.