Missing Patches Place Security At Risk

Cyber security is both a driver and a major barrier to public sector IT modernisation, according to new research from BAE Systems about cyber security concerns in the UK public sector. Forget the stealthy hacker deploying a never-before-seen zero day to bring down your network. IT security professionals admit that one in three breaches are the result of vulnerabilities that they should have already patched.

Software vendors are constantly publishing new patches to fix problems in software that they have sold. It's then up to the users of the software to apply the patches, or else risk leaving themselves open to attack via the backdoors that the vendors failed to spot when building the product in the first place. 

BAE Systems surveyed 250 managers with IT responsibility in UK central governmental organisations, to better understand the interplay between security and digital transformation.

The results have revealed that most (60%) UK government departments have digital transformation plans in place and that these have been accelerated in the majority of cases by the pandemic. Mitigating the risk of vulnerabilities was cited by three-quarters (75%) of respondents as the main reason for driving these legacy upgrades. This finding is supported by current experience. Nearly two-thirds (63%) of respondents said they suffered a security incident in the past six months and over half of these (52%) came as a result of missing patches. 

The mass exploitation of unpatched Microsoft Exchange Server bugs earlier this year is proof of the potentially disruptive impact of such threats.

Security was also cited by 68% of respondents as a barrier to upgrades, second only to integration issues (69%). According to BAE Systems' findings, greater collaboration between IT and security and a recognition of the urgent need for security enhancements in certain areas can give projects a push. “The lack of integration between legacy IT and modern security solutions was the top data protection risk highlighted by respondents (53%), although ‘managing risk’ came top in the NHS (55%) and ‘securing traffic flows’ was the number one issue for public administration officials (61%).”

Top of the priority list for IT decision makers in central government is simplifying their security architecture (45%) and reviewing current risk management strategies to ensure they have the right balance between security and productivity (45%), the report concludes.

The 2017 WannaCry ransomware attack was a very clear example of what can go wrong when patches aren't applied: while a patch for the vulnerability exploited by the ransomware had existed for several months, many organisations, notably parts of the UK's National Health Service, had failed to use it.

BAE Systems | Unified Guru | Infosecurity Magazine | NewZZ | ZDNet | Shop Center US
