Let’s start with a little IT history lesson. Why is a software patch called a patch?
It’s because way back in the midst of time when data, or instructions, were stored on punched cards, if an error was found – meaning that there was a hole punched in the card in the wrong place – then it would be covered with a self-adhesive patch.
As we have progressed to a software based future the name has stuck and patching, or updates, is a regular part of IT life, especially regarding cyber security. The advice of the day is that if there is a patch available for your installed software that contains security fixes, then it should be applied in a timely manner – easy, straightforward advice. So, it was interesting to read on ‘Security Intelligence’ the blog from IBM, that an increasing number of companies are using outdated software which runs the risk of a cyber-attack being successful.
They go on to point out how for years within IT management, and I recall this from personal experience, that there is an age-old adage of “if it ain’t broke, don’t fix it”. That’s further compounded by many examples of how in the past new releases of software were full of bugs and those who adopted early got their fingers burned. This has led to their findings that just 31 percent of North American endpoints now run Windows 10 and even more worrying the number of (unsupported) XP endpoints in health care increased from 2 percent to 3 percent.
For many years, there have been software management tools and technologies allowing the roll out, and if needed the roll back, of software, but often they were relatively large and expensive solutions, well out of the range of SMEs. But it would be a far more palatable conversation to have, requesting such a patch management solution, as opposed to the heated discussions that would take place once a company has been breached and then has to suffer the legal challenges, compliance failures and ransomware infections.
Apple was in the cyber news this week regarding how their contractors in China have been selling user data of their Chinese Customers.
The story, as reported by SC Magazine, stated that “The gang allegedly siphoned out the customer data – including user names, phone numbers and Apple IDs – from an internal company computer network, which they then sold, charging between $1.50 and $26.50 for elements of the illegally obtained assets. They reportedly earned around $7.4 million in the ploy.”
This is a great example that even if your company is known for privacy, as Apple is, and despite having very deep pockets, sensitive data can be lost. This is probably the best high profile example of a non-secure supply chain, an issue that many companies need to address as part of their overall cyber security strategy.
The Guardian newspaper published a story this week regarding a slightly different angle to the ongoing crisis in Qatar. They reported on how the Pan-Arab satellite network Al-Jazeera was fighting off a large-scale cyber-attack. Although the website of this state-run television station was taken off line for several hours, due to ‘security reasons’ it did remain broadcasting.
From my point of view this interesting part of this story, isn’t the attack itself, it’s that any major global diplomatic incident now has a cyber related aspect to it. This of course sits in the shadow of the ongoing investigations in the US to possible hacking activity into last years’ presidential election, if any further proof was needed to substantiate my thoughts.
With this continuing rise of cyber-attacks, hacking and security concerns It will soon make many people wistful for the ‘good old days’ when a hacked bit of data could be fixed with nothing more than a self-adhesive patch.
For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of FaceBook, LinkedIn and Twitter, or just click the relevant links from our website.