Page 9 - Cyber Defense eMagazine - February 2018
Remember, when mass updates are issued, those with malicious intent find out as well.
Cybercriminals get to work knowing that many enterprises make the mistake of not
patching.
SECURITY IS A BUSINESS ISSUE: INVESTMENT
One big obstacle to patching is that when IT says "updates," the business often hears
"downtime," and forgoes patching in favor of 24/7 availability and uptime. IT must
demonstrate how updates and uptime do not have to be mutually exclusive if the right
systems are in place.
Since budget decisions that impact IT are made across functions, and because success
is dependent on data integrity, security is clearly a business issue, and therefore the
C-level must become more invested in matters of information security. Looking forward
into the new year, it's likely that the steady proliferation of endpoints and more
sophisticated cybercriminals will make hiring and managing security professionals more
important than ever. IT can help by quantifying what a breach might look like long-term
versus a short-term investment in technology. Those at the C-level who are pressuring IT
likely don't realize they are breaking optimal security policy and, in fact, hurting the business.
They are doing so because they falsely believe patching disrupts continuity. Still, when
there's a breach, executive leadership would (rightfully so) be the first to ask: why
weren't we up to date? Or if current fixes don't work on legacy technology: why weren't
we upgraded?
The reality is, IT focuses on availability as much as the business, but is hindered by
mistake No. 3 — a lack of budget investment by the business to ensure a secure, ever-
on environment. Funding instead tends to go toward customer-facing projects in
marketing, for example, where ROI is more quickly measurable. An immediate capital
expense pales in comparison to the long-term cost of a breach and the harm to
customers, though.
So, to achieve simultaneous updates and uptime, the business has to understand the
necessity of duplicate infrastructure for critical applications. With one system on standby
and one that's active, updates can be made, and testing performed, then updated
applications switched over without interruption. The result is 24/7 availability AND
security.
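The standby-patch, test, then switch-over sequence described above, modelled as an added Python example (not from the original article). Node names, version strings and the health-check rule are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    version: str

@dataclass
class Pair:
    active: Node                  # currently serving traffic
    standby: Node                 # duplicate infrastructure, safe to patch
    log: list = field(default_factory=list)

    def patch_cycle(self, new_version, apply_patch, health_check):
        """Patch the standby, test it, and switch traffic only if it passes."""
        target, previous = self.standby, self.standby.version
        apply_patch(target, new_version)       # the active node keeps serving
        if not health_check(target):
            target.version = previous          # roll the standby back
            self.log.append(f"{target.name}: {new_version} failed testing, no switchover")
            return False
        # Switchover: the tested node takes traffic, the old active becomes standby.
        self.active, self.standby = self.standby, self.active
        self.log.append(f"{self.active.name} active on {new_version}")
        return True

    def patch_both(self, new_version, apply_patch, health_check):
        """Run the cycle twice so neither node is left on the old version."""
        return (self.patch_cycle(new_version, apply_patch, health_check)
                and self.patch_cycle(new_version, apply_patch, health_check))

def apply_patch(node, version):
    # Stand-in for the real update mechanism (assumption for this model).
    node.version = version

def health_check(node):
    # Constructed rule: a build tagged "-broken" fails its post-patch tests.
    return not node.version.endswith("-broken")

if __name__ == "__main__":
    pair = Pair(Node("app-a", "2.0"), Node("app-b", "2.0"))
    pair.patch_cycle("2.1-broken", apply_patch, health_check)  # rejected
    pair.patch_both("2.1", apply_patch, health_check)          # rolled out
    print("\n".join(pair.log))
```

A failed update never reaches the active node, so a bad patch costs a retry on the standby rather than an outage.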
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.