Businesses are having to operate in an increasingly digital world, and as such, cyber security is something that should concern us all. One area of cyber security is something called ‘patching’. A patch is an update to software, including operating systems such as Android and iOS, that is designed to address security vulnerabilities and bugs that have been discovered. Patches can also add new features, fix performance issues or improve software stability.
How does a patch work?
As new vulnerabilities and exploits are discovered, software developers will create patches to address these issues and to prevent attackers from exploiting them. Patching ensures that your software is equipped with the latest security features, reducing the likelihood of a vulnerability being exploited.
So, if you don't patch your software, you are exposing your business or organisation to security risks. Hackers and cybercriminals look for vulnerabilities that can be exploited, and if they find one in your software they will look to take advantage of it, whether through stealing information, encrypting data, accessing accounts or deploying malware. These attacks can lead to financial losses, reputational damage, and loss of business continuity.
Software updates are essential
Over the last three UK Government Cyber Security Breaches Surveys, some areas of cyber hygiene have seen consistent declines among businesses, including having policies to apply software security updates within 14 days (43% in 2021, vs. 31% in 2023). These trends mainly reflect shifts in the micro-business population and, to a lesser extent, small and medium businesses – large business results have not changed.
The WCRC and police cybercrime units in Wales recently got together at an event to hear from industry speakers, as well as listen to case studies of investigations. One account highlighted the importance of patching, where third-party IT support had neglected to take timely action after a patch had been released. This had left its client’s business exposed and resulted in ransomware being successfully deployed. That business suffered significant financial damage and a loss of business continuity, as well as the personal stress associated with such an incident.
The National Cyber Security Centre (NCSC) advises paying particular attention to:
Some other things to bear in mind are:
You can get more information on applying updates by referring to the NCSC's guidance on Vulnerability Management.
The WCRC offers vulnerability assessment services which search for known weaknesses and security issues in your system. Typically, this includes looking for software that is vulnerable because it is outdated even though a patch is available.
Information on keeping software up to date for individual platforms can be found on the various manufacturer websites:
| Platform | Updates guidance |
|---|---|
| Android | Check and update your Android version |
| Chrome OS | Update your Chromebook's operating system |
| iOS, macOS | Update your iPhone, iPad, or iPod touch |
| Samsung | How do I check for Operating System updates on my Samsung Galaxy device? |
| Windows | Update Windows 10 |