Patching – it’s complicated! As much as we like to point fingers of blame and malign the processes in place, the fact is that one size does not fit all when security updates get issued.
What’s the definition of insanity: doing the same thing over and over. Organizations at every level seem to be struggling with staying on top of patching, but it feels more like a necessary evil rather than a best practice. We’re damned if we do and damned if we don’t.
We need to go beyond just finding the sweet spot between mitigating business risk with vulnerability exposure. Let’s talk about how can we fix this process that seems inherently broken, especially as it now affects IoT, OT and medical devices. Because the cure isn’t supposed to be worse than the disease.
Cheryl Biswas (@3ncr1pt3d) is a Threat Intel Analyst with TD Bank in Toronto, Canada. Previously, she was a Cyber Security Consultant with KPMG and worked on GRC, privacy, breaches, and DRP. She has an ITIL certification and degree in Political Science. Her areas of interest include APTs, mainframes, ransomware, ICS SCADA, and building threat intel. She actively shares her passion for security in blogs, in print, on podcasts, and speaking at conferences.