The bane of data security is the patch. The patch is what your IT guys are doing in the background to fix vulnerabilities in software that are known to the manufacturers, and to attempt to fix the vulnerability before hackers can exploit it.
Patching is a very important part of a security plan, but the number of patches that must be implemented by your security team has increased dramatically, and sometimes the patching schedule can be challenging. Not staying on top of patching vulnerabilities can result in a catastrophic data breach, such as one that occurred this year.
When a manufacturer issues an emergency patch, it is wise to heed the warning and patch the vulnerability. Today, Microsoft issued an emergency patch for a security vulnerability in its Internet Explorer web browser that is being used by attackers to break into Windows computers.
The weakness was reported to Microsoft by Google, which advised that the new vulnerability was being used in targeted attacks in which the attacker is able to install programs, delete or change data or create new accounts when a user visits a booby-trapped website.
The word from Microsoft is “users are urged to update their systems as soon as possible to reduce the risk of compromise.” Since it is an emergency patch, heed the advice from Microsoft.
Data security personnel struggle with the sheer number of patches that are issued by manufacturers, and users are impatient in allowing the security personnel to disrupt access and the user experience in order to patch the vulnerabilities. Users—try to understand the challenge that your colleagues are faced with and be patient. Let your data security personnel patch and plug so you can continue using the programs and assets. The alternative is far worse.
Date: December 25, 2018
Source: Data Privacy+Security Insider