Page 9 - Cyber Defense eMagazine - February 2018

Remember, when mass updates are issued, those with malicious intent find out as well. Cybercriminals get to work knowing that many enterprises make the mistake of not patching.


SECURITY IS A BUSINESS ISSUE: INVESTMENT

One big obstacle to patching is that when IT says "updates," the business often hears "downtime," and forgoes patching in favor of 24/7 availability and uptime. IT must demonstrate that updates and uptime do not have to be mutually exclusive if the right systems are in place.


Since budget decisions that impact IT are made across functions, and because success is dependent on data integrity, security is clearly a business issue, and therefore the C-level must become more vested in matters of information security. Looking forward into the new year, it's likely that the steady proliferation of endpoints and more sophisticated cybercriminals will make hiring and managing security professionals more important than ever. IT can help by quantifying what a breach might look like long-term versus a short-term investment in technology. Those at the C-level who are pressuring IT likely don't realize they are breaking optimal security policy, and, in fact, hurting the business.


They are doing so because they falsely believe patching disrupts continuity. Still, when there's a breach, executive leadership would (rightfully so) be the first to ask: why weren't we up to date? Or if current fixes don't work on legacy technology: why weren't we upgraded?


The reality is, IT focuses on availability as much as the business, but is hindered by mistake No. 3 — a lack of budget investment by the business to ensure a secure, ever-on environment. Funding instead tends to go toward customer-facing projects in marketing, for example, where ROI is more quickly measurable. An immediate capital expense pales in comparison to the long-term cost of a breach and the harm to customers, though.


So, to achieve simultaneous updates and uptime, the business has to understand the necessity of duplicate infrastructure for critical applications. With one system on standby and one that's active, updates can be made, and testing performed, then updated applications switched over without interruption. The result is 24/7 availability AND security.







                         Copyright © 2018, Cyber Defense Magazine,  All rights reserved worldwide.