In May, we witnessed the infamous WannaCry malware attack and how it devastated the NHS in the UK, forcing hospitals to postpone operations whilst dealing with the attack.
We all know how and why it happened, but looking back, there was something that was missed by many people when explaining how it propagated so quickly.
Following the attack, there was much debate about whether organisations could have been protected if they had had a certain vendor’s solution, or whether better-educated users wouldn’t have clicked on a malicious link in a phishing email, and so on.
Quite a few people were also saying, quite rightly, that by keeping systems patched, the attack wouldn’t have spread so quickly. Surely, we all know that to patch a Windows system, you either automate the patch downloads through Windows or you download the patch directly from Microsoft.
So, why isn’t everyone doing this when it’s so easy?
Let’s take the NHS as an example. As a public sector organisation, it’s not awash with funds (an entirely different conversation!), so it needs to pick and choose where to allocate the cash.
It could be a case of spending £500k on a vital piece of surgical equipment that can help save lives or replacing the legacy Windows XP desktops that are commonplace throughout hospitals.
Because of all the legacy equipment the NHS has, patching isn’t the simple download-and-install process that it is for a home user.
Heaven forbid a member of staff within the NHS installed a patch that proceeded to knock out an X-ray machine or similar piece of vital equipment. This means that all patches have to be tested to ensure they work with all applications. Not an easy task when you’re dealing with understaffed and overworked NHS trusts where the priority, above everything else, is to save lives.
Similarly, we can apply this logic to any private sector organisation that is using legacy bespoke software. They’re happy to take the risk of using old(er) operating systems and out-of-date applications, as it would be cost-prohibitive to replace it all. (We all know the phrase ‘if it’s not broken, don’t fix it.’)
Every company that understands security adopts a vulnerability management solution to help identify the risks on their assets, but it’s not as simple as ‘just patch the system’ when a new patch is released. The real secret is to prioritise the vulnerabilities, so that you’re aware of the biggest risks on your most important assets and patch these first.
This way, you’re taking a handful of patches rather than hundreds, testing these with your business critical apps and then deploying them. By adopting this approach, you can be sure that you’re addressing the critical risks without breaking your infrastructure.
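The prioritisation described above, sketched as an added example that is not part of the original article and is not Tripwire IP360's Risk Matrix. The asset names, criticality scale, vulnerability and patch identifiers, and the scoring formula are all constructed assumptions; it ranks patches by the total risk they remove across the estate and returns the handful to test first.

```python
from collections import defaultdict

# Constructed sample data: asset criticality on a 1-5 scale (5 = business critical).
ASSETS = {
    "xray-ctrl-01": 5,
    "pacs-db-01": 5,
    "reception-pc-14": 2,
    "test-lab-03": 1,
}

# Constructed scan findings: (asset, placeholder vulnerability id, CVSS base score,
# remotely exploitable without credentials?, placeholder id of the fixing patch).
FINDINGS = [
    ("xray-ctrl-01", "VULN-A", 8.1, True, "PATCH-001"),
    ("pacs-db-01", "VULN-A", 8.1, True, "PATCH-001"),
    ("reception-pc-14", "VULN-A", 8.1, True, "PATCH-001"),
    ("reception-pc-14", "VULN-B", 9.8, True, "PATCH-002"),
    ("test-lab-03", "VULN-C", 9.8, False, "PATCH-003"),
    ("pacs-db-01", "VULN-D", 5.3, False, "PATCH-004"),
    ("xray-ctrl-01", "VULN-E", 4.0, False, "PATCH-005"),
]


def finding_risk(cvss, remote, criticality):
    """Assumed scoring: severity weighted by asset importance, doubled when
    the flaw is remotely exploitable without credentials (wormable class)."""
    return cvss * criticality * (2.0 if remote else 1.0)


def prioritise_patches(findings, assets, top_n):
    """Rank patches by the total risk they remove; return the top_n as
    (patch, risk, affected assets) so each can be tested where it matters."""
    risk = defaultdict(float)
    affected = defaultdict(set)
    for asset, _vuln, cvss, remote, patch in findings:
        risk[patch] += finding_risk(cvss, remote, assets[asset])
        affected[patch].add(asset)
    # Highest risk first; patch id breaks ties so the order is deterministic.
    ranked = sorted(risk, key=lambda p: (-risk[p], p))
    return [(p, round(risk[p], 1), sorted(affected[p])) for p in ranked[:top_n]]


if __name__ == "__main__":
    for patch, score, hosts in prioritise_patches(FINDINGS, ASSETS, top_n=2):
        print(f"{patch}: risk {score}, test against {', '.join(hosts)}")
```

With this sample data the CVSS 9.8 finding on the low-value lab machine ranks last, while the lower-severity flaw that reaches the two critical systems ranks first.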
This is one of the key points within Tripwire IP360. The unique Risk Matrix uses multiple factors to prioritise risk within your estate, enabling administrators to target those assets that need immediate remediation whilst reducing resource overhead.
To learn more about how Tripwire IP360 can help secure your business, click here.