28 Oct Cybersecurity Month: Updates available?
CYBERCOAST EXPERTS UNPACK OWASP’S TOP 10
A key security measure is also among the most frequently postponed or ignored
Periodically, a group called the Open Web Application Security Project (OWASP) publishes a list of the most common cybersecurity problems its members are finding. The most recent draft includes Vulnerable and Outdated Components, coming in at number 6 (up from 9 on the 2017 list).
What makes this one unique is that many of us are contributing to the problem every time we put off a software update or just decide not to do it. That’s understandable, of course. We’re often busy, on a deadline, or about to start a task when that annoying message pops up. But the truth is, it can be far more important than we might think.
Software companies like to tout new features and capabilities that come along with their updates, but they are decidedly less enthusiastic about discussing their vulnerabilities. In most cases, these are small bugs that are unlikely to be exploited. Other times, however, they are serious security problems that hackers can use to steal your personal data or breach a corporate network.
Unless the problem is significant enough to gain media attention (or at least be discussed in user groups), most of us don’t know how to judge the importance of an update or patch. Be sure, however, that hackers are paying attention. Once a software company has issued a patch for a vulnerability, their job is done. If you failed to install it, a subsequent breach is on you.
Here’s another issue: In some cases, software patches are iterative and must be installed in sequence. So, let’s say, for example, that Microsoft sends you an urgent notice that you need to update your Office 365 software to fix a critical vulnerability that could expose all your data. You’ve ignored several prior software updates, so you find you can’t install the new patch until all your updates are complete.
This is a process that could take hours or even days, depending on how many such notices you’ve postponed. That’s more than enough time for a hacker to take advantage of your mistake and make you pay dearly.
The good news about this particular OWASP finding is that the remedy is as simple as the problem is serious. All we really need to do is prioritize software updates and make it a practice to install them as soon as they are available.
Yes, it’s a pain sometimes. But updates are less costly and time-consuming than breaches. Just ask anyone who’s ever paid a ransom to have their files restored.