Launched on May 12, 2017, the WannaCry ransomware attack affected at least 200,000 computers in more than 150 countries by exploiting vulnerability in the Microsoft Windows OS. It galvanized not only Knoxville IT support service providers, but providers all over the world, too. A question hung in the air: What could have been done to prevent this unprecedented attack?
Patches as Protection
Microsoft had released patches for the aforementioned vulnerability and advised people to update their OS even prior to the attack. If a system has the patches installed, these would have served as the first line of defense against WannaCry.
Yet, many systems still got infected because they didn’t have the patches completely or properly applied. The problem is rooted in the fact that patch management is still an issue in many companies. Security teams know that patches are critical, but they don’t know which patches to use for a particular system, when exactly they should apply these, and how much of an impact patches can have. Their processes are far from mature— if there’s even one. A few companies don’t have a process in place at all.
Struggle with Patch Management
There are several reasons why companies have problems with patch management. One of the most common is the volume. With so many identified vulnerabilities out there, it’s not a surprise why there are a lot of patches as well. This makes it harder for security teams to keep up, especially when there’s an endless stream of patches to apply.
Also, patches usually disrupt operations because they either require rebooting a system, or at the very least, stopping it. If there are many patches to be applied, interruptions will occur multiple times. For most businesses, they can’t afford to suspend operations that much. Even if the required downtime is short, it adds up in the end when done repeatedly.
As a result, patches are put off until a serious threat is about to infect the system. But because patches take time to apply, it may be too late for companies to take action by then.
The Search for Compromise
Given how involved patch management can be, it’s understandable why companies for not prioritizing it. But sacrificing security is also not an option. There has to be a middle ground; otherwise, companies will suffer at the face of another attack like WannaCry. That’s where Knoxville IT support service providers come in. When companies are too busy to handle their own patches, a third-party provider of security services can take over patch management and other security-related processes.
Aside from security services, most providers also offer consultation services delivered by experts. It’s a perfect opportunity for companies— especially small businesses— to learn about industry best practices for patch management and other aspects of enterprise security. This access to information is typically bundled in for free as an added-value service, so companies should take advantage of it.
If you’re a small business looking for a reputable and reliable provider of Knoxville IT support services, we at Allevia Technology are here to give you what you need. Our numerous services include patch management to ensure your systems are updated and protected. Contact us today for more information.