E R T N
P
X
E INIO
OP
Why CISOs
need to
focus first on
automated
patching
According to research, almost 60% of organisations that
experienced data breaches in the last two years attributed
the breach to an unpatched vulnerability – so it has never
been more necessary to stress the importance of good
patch management. Chris Goettl, Director of Security
Solutions at Ivanti, discusses why patching needs to be a
core part of any business’ security strategy.
ulnerabilities lie
at the heart of
a cybercrime
economy said
to be worth as
much as US$1.5
trillion each year.
They are exploited by nation states and
financially motivated cybercriminals
alike to steal data, deliver ransomware,
monetise crypto-mining and more.
V
But in many organisations, the
mechanism to fix these bugs and
mitigate related cyber-risk is siloed,
reactive and ad hoc. As GDPR regulators
finally signal the end of the honeymoon
period with multi-million-pound penalties,
it’s more important than ever that CISOs
get this crucial part of their security
strategy right.
www.intelligentciso.com
|
Issue 17
Chris Goettl,
Director of Security
Solutions at Ivanti
Patching can be hard to get right, but
the tools and expertise are out there
to run effective, automated, risk-based
programmes that will create a great
foundation on which to build layered
best practice security.
Why patches matter
Vulnerabilities are a natural
consequence of human error. Mistakes
will always happen, especially in highly
complex, man-made systems like
computer programs. In fact, most current
operating systems contain millions of
lines of code, while Google’s code base
boasts more than two billion lines in nine
million unique source files. That is a lot
of opportunity for things to go wrong.
The impact of these flaws varies, but
can include data breaches, ransomware,
Automated patch
management is the
first step towards
an industry-
standard best
practice approach
to cybersecurity that
will keep regulators,
investors and
customers happy.
41