How Software Patches Make or Break Your Cyber Security Plan


You have set up your core and edge cybersecurity procedures.  You have defined policies and procedures to be followed to limit the possibility of malware attacks.  You have a dedicated team monitoring cybersecurity concerns.  You consider that you have done all you can do to achieve comprehensive coverage.  Is that enough?

The cybersecurity environment is becoming increasingly complex, with both hardware devices and software applications used to provide security protections. It seems that upgrades and patches are needed more and more often.

You do need to apply patches to keep up to date against new threats, but software patches, particularly to central systems, can drive a coach and horses through all your best efforts by nullifying existing protections and introducing new vulnerabilities, even if only temporarily.

How does that happen, and what can you do, as far as is possible, to prevent it from happening?

Before we consider the potential effects of applying patches, it must be emphasized that applying them is nowhere near as bad as not applying them. Applying patches is essential to keep security up to date. For example, new malware signature files are needed to identify new malware, and updated firewall software is needed to guard against new threat vectors.

Regular updates should be mandatory in all installations.   Most desktop anti-malware applications have the ability to automatically update themselves from a central server according to a predefined timetable.   Users must not be able to disable this.

How can updates cause vulnerabilities?

There are several ways in which applying software patches can cause security vulnerabilities, and several ways to counter them:

Settings Reset

Particularly with major releases, you might find that the application's settings are reset to default and its parameter files overwritten when you apply the patch. In addition, new features may need new parameters set. If you don’t set them, the default settings may conflict with other settings and leave holes in the security coverage.
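
One way to catch the reset described above, as an added example that is not part of the original article: snapshot the parameter file before the patch, then compare it with the post-patch file and the vendor's defaults. The key=value format, the setting names and the default values are all constructed for illustration.

```python
# Added example; the key=value format, setting names and defaults are constructed.

PRE_PATCH = """
auto_update = enabled
user_can_disable = no
tls_min_version = 1.2
log_level = info
legacy_scanner = on
"""

POST_PATCH = """
auto_update = enabled
user_can_disable = yes
tls_min_version = 1.0
log_level = debug
cloud_lookup = on
"""

# Hypothetical vendor defaults shipped with the new release.
VENDOR_DEFAULTS = {"user_can_disable": "yes", "tls_min_version": "1.0",
                   "log_level": "info", "cloud_lookup": "on"}

def parse_settings(text):
    """Parse key=value lines, skipping blanks, comments and malformed lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def classify_drift(before, after, defaults):
    """Sort every difference into the bucket that decides how it is reviewed."""
    report = {"reset_to_default": [], "changed": [], "removed": []}
    for key, old in before.items():
        if key not in after:
            report["removed"].append(key)  # setting or feature dropped by the patch
        elif after[key] != old:
            reset = after[key] == defaults.get(key)
            report["reset_to_default" if reset else "changed"].append(key)
    # Parameters introduced by the patch that nobody has assessed yet.
    report["new_unreviewed"] = [k for k in after if k not in before]
    return {bucket: sorted(keys) for bucket, keys in report.items()}

if __name__ == "__main__":
    print(classify_drift(parse_settings(PRE_PATCH), parse_settings(POST_PATCH), VENDOR_DEFAULTS))
```

Anything reported under reset_to_default or new_unreviewed should be resolved in the test environment before the patch reaches production.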

New Features

The introduction of new features may cause existing features to be removed or replaced.  This could cause vulnerabilities if not correctly addressed.  The new features need to be assessed and included in your security planning.  You may even choose not to use them.

Incompatibilities

The updated software might not be fully compatible with the other software applications you use.  The incompatibilities can range from the two applications not communicating at all, to one sending or returning false or unexpected data to the other. This could leave holes in the security coverage that could be exploited.

In the worst case, some existing protections could be removed.

Potential Solutions

Test Environment

In many organisations there is a test network which is a mirror image of the full production environment.  This is part of the common Test/Development/Production environment.  If one doesn’t exist, set one up, even temporarily.

Use that environment to test the upgrade and see if there are any potential problems that could be introduced by the upgrade.   They can then be resolved before causing any difficulties in the production environment.

Switch off the Internet

It won’t be popular, but cutting any external connections to systems while the upgrade takes place will prevent any incursions caused by the potential loss of security services. This may be a difficult proposition for many organisations, particularly those operating in several time zones, where it will be difficult to find a suitable time to carry out the upgrade.

Have a backup plan ready

It is essential to be able to pull back if the upgrades fail or are otherwise not properly applied.

You will need to have copies of the previous software and configurations to hand, ready to be reapplied.

Timing

Security may be disabled, in full or in part, while software patches are applied.  This is a window of opportunity for security breaches by hackers. The time when patches are applied needs to be carefully chosen and security monitoring increased during the period of heightened vulnerability.   

Obviously, if the Internet connection is closed off, this is not of such great importance. However, in some businesses, particularly online businesses, disconnecting from the Internet is not a practical proposition.

Research

You are not alone.  Before applying the patches, take a look at the supplier’s website to see if there are any handy hints or recommendations.  In addition, do a general search to see if anyone else has applied the patches and what their experience was. 

You may choose not to apply this particular batch of patches if there are many adverse reports and bad experiences reported by other users.

In the increasingly complex and vital world of cybersecurity, keeping up to date with, and ideally ahead of, the threats is becoming essential for most businesses. This will require the regular application of software patches and upgrades. This, while a potentially risky process, is absolutely necessary, and with proper care the risks can be minimised.
