WatchGuard Blog

Software updates and patching: the right formula against cyberattacks

Something as common and widely known as a software update can prevent major cyberattacks, because updates incorporate patches that fix system vulnerabilities. Prioritizing updates may seem a burdensome and inconvenient task for users, because computers and servers have to restart to complete the installation, which interrupts users while they are working. This is why updates are often postponed, and recommended patches that could prevent common security problems such as theft and loss of identity are ignored.

According to data published by ZDNet, 61% of existing vulnerabilities in corporate networks date back to 2016 or even earlier, despite the fact that patches have been available for five years or more. In fact, some of the vulnerabilities that continue to be exploited to gain access to networks are more than a decade old.

How worrying are software vulnerabilities? 

Anybody who has been avoiding updates all their lives, and has luckily escaped unscathed, may have a false sense of security and think updates are not that necessary. However, the cyberattack targeting the International Committee of the Red Cross (ICRC) in November 2021 proves that this confidence is misplaced. In this incident, hackers gained access to the ICRC's systems by exploiting a known, but unpatched, critical vulnerability in a single sign-on tool developed by Zoho, a company that makes web-based solutions for business management. During the attack, the data of more than 515,000 "highly vulnerable" individuals was compromised.

In this regard, data presented by IBM in its annual X-Force Threat Intelligence Index 2022 report indicates that 34% of reported cyberattacks in 2021 were due to vulnerabilities being exploited, which represents a 33% increase in incidents of this nature, compared to 2020. These figures demonstrate the huge weight of this attack vector as an entry point for hackers. Similarly, the report highlights the rise in the number of vulnerabilities, which reached a new record high with 19,649 new ones, after five years of steady growth. More worryingly, however, the number of exploits, or tools used by cybercriminals to exploit a vulnerability, has also grown steadily. WatchGuard's Internet Security Report, in which WatchGuard's Threat Lab analyzes the latest malware and attacks on the Internet, specifies that the volume of network attacks reached a four-year high with some 5.7 million network exploits in the fourth quarter of 2021. This means that cybercriminals have more and more options available to carry out their plans.  

Software updates: the first step in cybersecurity

As demonstrated, new vulnerabilities are continually emerging and, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the best defense against those seeking to exploit already patched vulnerabilities is to keep software up to date. CISA also recommends taking a series of actions to ensure that your software is up to date at all times:

  1. Enable automatic software updates whenever possible. This will ensure that software updates are installed as quickly as possible. 
  2. Avoid using obsolete (EOL) and unsupported software. 
  3. Visit vendor sites directly and do not click on advertisements or email links.  
  4. Do not perform software updates when using untrustworthy networks. 

Hole-filling at the endpoint   

It is clear that software patches and updates are critical in ensuring the robustness of an organization's cybersecurity. In addition to the practices recommended by CISA, companies have a duty to monitor and mitigate known vulnerabilities that are exploited, time and time again, as a means of gaining access to their networks. After all, these vulnerabilities pose a greater and more real risk than other types of threats. 

Using tools that help keep systems up to date and protected through available patches is a great advantage when it comes to protecting yourself and combating cybercriminals. Keeping up to date with updates released by vendors can be a challenge and leaves room for error, while having a database that allows you to compare patches that have been installed on a network's endpoints can shield systems and prevent malware attacks on vulnerable workstations and servers. 
