by Doug Barney - GFI Software - Friday, 29 August 2014.
When it comes to security, only a total dope doesn’t understand firewalls, anti-virus and at least the basics of passwords.
But how many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not. Our clients and especially our servers are exposed to all kinds of grief unless they are regularly and properly patched.
Even IT pros who understand patching too often hate it. Because of the myriad systems involved and the large number of patches, the process is not just constant but can be extraordinarily complex. One can’t just install a patch and forget it, as with Windows Updates where the fixes are well vetted. On servers in particular, patches may need to be tested, then installed, and too often reinstalled due to a bad patch or software conflicts. All to defend against an attack that may or may not happen.
Unfortunately, these attacks do happen all too often. The problem is two-fold. First, too few IT departments patch regularly. In fact, only 36% of small companies patch consistently, according to a recent study by the UK-based Federation of Small Business. That leaves an awfully big hole, as some 90% of exploits that succeed are made against unpatched systems.