What are we learning from Microsoft’s recent emergency security patches?

20170629

Are you running an outdated operating system?

This past May, the ransomware known as ‘WannaCry’ swept through 150 countries and affected hundreds of thousands of computers in organizations ranging from telecommunication companies to nationwide healthcare systems. Devices running older versions of Microsoft software (such as a Windows 7 operating system without key security updates) showed critical vulnerabilities to this powerful, rapidly propagating malware.

In response to WannaCry and to future threats of a similar nature or scope, Microsoft has recently taken steps to supply emergency security patches for various older software, including Windows XP, Server 2003, and Vista. Even when an older system does show some resilience to a WannaCry attack, it can still remain extremely vulnerable to other forms of malware.

The issue of updates and upgrades

Microsoft typically doesn’t support these older systems, and its recent release of free security patches is a deviation from how the company ordinarily operates. It’s an extraordinary measure for an emergency situation. However, where will Microsoft draw the line? What will happen during future occasions involving widespread malware or other security risks?

Some organizations that are reluctant to upgrade to Windows 10, for example, might take this is a sign that they can continue relying on Microsoft to support outdated versions of various Windows software when there’s an emergency. However, this is a flawed way of thinking.

  • Organizations can’t reliably depend on the fact that Microsoft will step in to fix old, unsupported software whenever there’s a major security problem. The company offers no such guarantee.
  • Upgrading to a supported platform like Windows 10 ensures that your organization benefits from the most recent updates.
  • Beyond updates or patches for specific security risks, an up-to-date platform like Windows 10 has also been designed with greater security built into it throughout. If you’re running an outdated system, there may be deep security flaws that can’t be comprehensively addressed just by performing certain updates. Older systems may be lacking in powerful security features that newer systems have adopted.

Managing your systems

Another key lesson we can take from the problem of rampant malware is how important it is to stay on top of managing your IT systems.

You need to make a full accounting of all the devices your business uses, and the information you must stay on top of includes the following:

  • The versions of operating systems and other software your computing devices use. (Maybe you’re using similar software across devices, or perhaps the software you use varies quite a bit from one device to another.)
  • The schedule of upgrades and updates you’ve developed for your systems. For example, have you made updates automatic, or are they manual? How often do you check for new updates?
  • The current vulnerabilities in your system, and your priorities for which to address first. Some security flaws are much more likely to be immediately exploited and cause potentially widespread damage, while others pose less of a threat, at least in the short-term.
  • What each device is connected to. For example, a major security risk comes from devices (ranging from laptops to digital security cameras) that are inadvertently exposed to the Internet and left unprotected. Configuring devices properly and limiting their exposure is critical for improved security.

To further discuss these issues and to receive assistance in strengthening the security of your devices and systems, please contact us. If you don’t manage your software and remain aware of the potential risks, you leave your business far more vulnerable to the threat of malware and other security breaches. The results can prove deeply damaging and include steep financial losses, damaged trust, and prolonged downtime. With our assistance, you can perform any upgrades or updates you need in a timely way and implement cyber security strategies that better safeguard you against the numerous threats out there.

Leave a Reply

Your email address will not be published. Required fields are marked *