Getting back to basics is vital during heightened cybersecurity challenges


By Jim Jackson

As one gets older or gains more responsibilities in life, it’s often the case that you’ll spend a bit more time with your doctor to discuss some of the pillars of good health—eating well, getting enough sleep, making sure your activity level is maintained, taking the dreaded blood tests, etc. But as anything ages or is relied upon by others, it can be those basics that make all the difference in preventing large challenges. Today’s enterprises—spanning nearly any industry, but especially financial firms and other highly regulated businesses—face the same “cyber checkup” need. Too many still take way too much time to keep processes optimized. Yet, it can be simple, despite today’s cybersecurity complexities.

Ironically, it can be some of the most technically savvy innovators, who are thriving in their field, who exhibit lackluster initiative to continually improve cybersecurity through one of the most foundational needs of all—patching their systems. Although it can seem like a low priority to pay that visit to the doctor, it’s pivotal for discerning firms to consistently succeed and keep their assets (and customers) protected. Yet it can be easy for IT personnel to place a low priority on patching security vulnerabilities despite their crucial role. Why? That varies, but obvious themes are a lack of personnel, the boring nature of the never-ending task, and even the unappealingly manual aspect of simply getting it done.

Additionally, even with the best intentions to properly institute patching, IT managers and cybersecurity teams can easily create a scenario that unknowingly creates a consistent, calendarized look and feel for their vulnerability patching, but in reality, they’re still consistently slow or late. Let’s take a very basic example: A larger firm often only permits vulnerability patching related reboots and restarts during specific maintenance times that are usually off peak with their smallest usage. If days, let alone weeks or months, go by between a critical vulnerability and that preferred “window” of appropriate timing for the reboot/restart, that creates what one would think is a glaring and obvious mistake in cybersecurity. Yet, it’s a common occurrence. That “appropriate” window actually serves as a risk window.

How can firms prevent this? They need to take an automated approach to their patching and select tools that may not need reboots and restarts as frequently. In the end, it’s reducing the abovementioned risk window that should remain top of mind. Live patching should be considered and a concerted effort to reduce the time it takes to get patches through testing is obviously preferred. If instituted, it’s that much more reassuring and prudent for all involved. Plus, stakeholders will put that much more faith in IT and not see it as much as a cost center, but a business enabler.

Another aspect that makes getting back to these basics so important is compliance. Many industries, including finance, work within well-defined parameters surrounding threat mitigation. If unneeded time passes between the availability of a vulnerability patch and its actual deployment, questions are going to be raised—let alone the fact that passing your next audit won’t be in the cards either. Considering that vulnerability exploitation remains today’s #1 pathway for cybercriminals to gain access to an organization, failing an audit could be the least of an organization’s concerns. But it should be a wakeup call. It’s these basics that most often make the difference for the security posture of any firm.

Jim Jackson serves as President and Chief Revenue Officer at TuxCare. A global provider of enterprise-grade automation for Linux, TuxCare provides new levels of efficiency for developers, IT security managers and Linux server administrators seeking to affordably simplify and enhance their operations.