Why not ignore updates?
The most common purpose of updates is to bring new features to a computer program.
But sometimes they allow computer solution vendors to fix some of the vulnerabilities they see after the program is put into service. The history of computer security has shown that whenever updates have been overlooked, some consequences have struggled to be caught up. In some cases the consequences have been disastrous. In this context, the proliferation of ransom programs in the famous WannaCry can be cited.
This article will also interest you: Updating your software can protect you
In 2017, the malware spread worldwide. Hundreds of thousands of computers have been infected. This large-scale contamination was caused by a negligent information system manager, for not carrying out an update to deploy a security fix that will fill a loophole that affect the Windows environment. In other words, the cure of the problem existed even before the problem occurred. But just because we didn't implement a major update, the whole world was shaken up. During this period and the financial, industrial, and technical consequences were enormous.
In addition, updates should be seen as it imperatives of computer security. "Updates are at the heart of a strong duality, with the dual objective of ensuring security while taking into account the operational constraints specific to each organization. Indeed, if updates exist to fix bugs and vulnerabilities, they sometimes also bring their share of constraints. In the industrial and OT sector, for example, they can lead to adverse effects, such as a prolonged shutdown of production. Their impact can therefore prove to be major, the maintenance cycles associated with the application of the patches must, therefore, be prepared and programmed with the utmost attention. More generally, outside of the industry, some updates can generate regressions, make a website unavailable, or impact user productivity for a period of time. In view of these elements, the subject of updates is as complex as it is paradoxical. explains Adrien Brochot – Product Manager, Stormshield Endpoint Security.
Whether the updates should always be made to propose is not that obvious, indeed "This question is strategic and debated within companies. First, the organization's operational constraints and work environments need to be mapped. Let's not forget that updates can be very complex, if not impossible in some cases. Control and anticipation are therefore two things to consider in limiting risks. Adrien Brochot replies.
Yet the culture of updating is encouraged. Everywhere, anyone with a computer system or computer device on their control is regularly advised never to delay making the proposed security updates. That this presents itself as an essential aspect in the development of security.
"While the critical nature of updates is becoming increasingly widespread in companies, some are still struggling to clearly perceive the risks associated with non-achievement. Still too many of them think they can't be affected by a cyber attack. This is the case in the areas of OT, where cyber culture is not yet sufficiently developed. It is therefore strategic for publishers and suppliers to support their customers in embraising this culture. points out Adrien Brochot.
Somehow everyone has to get involved. From publishers, OEMs and even business leaders to the smallest link in the chain, the end user, everyone has to contribute to the design and culture of the update. To do this, I will have to simplify the process. There will also need to be an emphasis on raising awareness in a certain way. The main players, i.e. publishers and OEMs, must provide continuous support. This will have the immediate effect of increasing confidence and developing in a certain way the reflex.
Now access an unlimited number of passwords: