The Hack is Coming from Inside Your House!
The Perils of Unpatched Software
Have you ever watched a scary movie where a young couple comes home to find the front door cracked open or windows thrown wide, curtains billowing in the autumn evening breeze?
As the couple approaches the house, the tense music swells and we grip our armrests, struck by the terrifying realization that anyone — or anything — could be awaiting them inside.
In cybersecurity terms, a system with out-of-date software is like a house with doors cracked open or windows thrown wide. By leaving software updates uninstalled, you’re leaving openings for cybercriminals to exploit. And, once inside, they can do all sorts of nasty tricks.
Just as the young couple are unaware of the monsters lurking in their home, businesses with out-of-date software run the risk of giving cybercriminals the run of the place, freeing them up to creep around in the shadows, gathering information, stealing your data, and learning your behaviors — all while waiting for the perfect moment to strike.
How Hackers Exploit Unpatched Software
Many software updates include security updates. These updates are meant to remediate vulnerabilities that could be exploited by cybercriminals. These updates are created because critical vulnerabilities have either been recently discovered or recently exploited. If you ignore these updates, you’re leaving these vulnerabilities exposed, offering cybercriminals the chance to exploit them and get inside your house … er, system.
Keeping your software up to date is the scary movie equivalent of double-locking your doors and windows and arming your security system. In other words, it drastically reduces the likelihood of a successful cyber attack.
Why Users Ignore Updates — At Their Peril
It’s a familiar complaint in offices around the world: software updates always come at the most inconvenient time. However, taking a few minutes to pause your project and install the updates is certainly a lot less inconvenient than a cyber attack.
Many users will delay their updates, unwilling to pause their work, until their system forces the update. And that’s when things get really inconvenient — once it’s no longer your choice. That’s why it’s important not to delay. As soon as you are aware of updates, schedule some time in your day to get those updates installed. This will help to keep you and your organization secure as well as make sure you aren’t forced into an update in the middle of a Zoom meeting or PowerPoint presentation.
Another reason it’s important not to wait?
Cybercriminals are experts at understanding human behavior. There have been many instances where a cybercriminal crept in through a software vulnerability that remained unpatched, then lurked around in the system until after-hours on a Friday afternoon and, once everyone had gone home for the weekend, they unleashed their terrifying attack.
Launching an attack late on a Friday afternoon gives attackers the highest opportunity to get as far through your systems as they possibly can before being caught. A powerful way to help prevent it? Update your software as soon as the update becomes available.
If you’re on the IT team, be sure to run updates and patches proactively for your organization and, if possible, run them at a time that is more convenient for your staff, with precautions in place for rollbacks in case of issues with the updates you are running.
Beware the Bogus Update!
In addition to becoming more responsible with the prompt installation of updates, it’s crucial to be careful and a little suspicious whenever you receive a pop-up message or unexpected email telling you to click a link to download a software update.
Cybercriminals know the urgency around software updates and will use that to their advantage — and your grave misfortune. Don’t blindly trust pop-ups or emails saying something like, “Your system is infected, scan now.” Instead, only download or run updates from trusted sources or locations. Follow the training you received from your organization on updating your software or consult your IT department and follow their instructions for keeping your software up to dateCheck Out More Cybersecurity Awareness Month Resources
