You’ve had a breach – how do you successfully roll out an emergency patch?

Daniel Robinson, Technical Support Engineer at Foundation IT, takes us through the steps to successfully implement an emergency patch in the event of a data breach.

Patch management has remained a significant challenge for Chief IT Officers since the beginning of the pandemic. CTOs faced mounting pressure to swiftly enable remote working for large and often dispersed teams – all whilst ensuring no compromises were made to security or data that previously were comfortably protected within the office’s four walls.   

Earlier this year, Microsoft was forced to issue an emergency security patch following a cyber-attack that affected millions of Microsoft Exchange clients around the globe because of an exposed vulnerability, with the attack having repercussions on UK SMEs that rely on its software – many unaware they were victims of an attack.   

Vulnerabilities in tech are regularly unearthed, and in response, vendors issue security updates to close any weaknesses before a hacker exploits them. However, the truth is that patching remains the most important thing you can do to secure your IT – even if for many professionals, it is a run of the mill and basic principle.  

A large majority of data breaches that occur happen because of inadequate patching. 60% of breach victims say they were breached due to an unpatched known vulnerability where the patch was not applied. In the hybrid workplace, teams are more disparately working across a blend of work and personal devices, causing new vulnerabilities that are being exploited every day.   

As the hybrid workplace model pushes new priorities to the top of the list, it can leave companies more exposed and emergency patching inevitable at one time or another. So, with that in mind, how can you successfully minimise the damage caused when you next need to roll out an emergency patch?  

1. Identify the vulnerability and further potential pitfalls  

Patching introduces risk, so no matter how well a release update or patch is planned and practiced, there will be eventualities where they contain major vulnerabilities. Not all vulnerabilities will pose the same threat, so they must be quickly identified so they can be fixed and avoid being manipulated by cyber-attackers. Ensure to communicate this exposure with all teams involved to prevent the threat from reaching the next level, and to aid a rapid response time.   

The majority of vulnerabilities are identified, and mitigation is discovered almost as quickly as identifying the vulnerability in the first place. But this process often involves disabling or making components of the software or operating systems cease to function. This can cause numerous headaches within a business when you utilise these features daily. You then must weigh up whether the vulnerability carries enough risk to warrant losing functionality in your systems for a brief period until the vendor can design a full update or patch. A common pitfall I’ve seen is businesses that implement workarounds or mitigations for vulnerabilities, never get time or business sign off to applying fixes or patches which ultimately fully resolve the issue.  

Vulnerability management often feels like trying to fix an old bathtub, just when you fix one leak, another one appears. 

2. Have in place regular patching routines  

Patching updates are ways for developers to bring in improvements to their solutions; fix bugs, introduce new features, and give stability updates. These updates will provide a business with a more efficient and secure way of working by uncovering hidden vulnerabilities, so introduce a routine that regularly allows patch updates to be made.  

Although patching has earned an unfavourable reputation as a cause of business downtime and interruption, condensing your patching into one monthly activity will help avoid a company-wide disturbance if and when an emergency patch needs to be rolled out. On average, a calendar month contains 730.5 hours, so in theory, there should be a small window in this time where an update can be performed. In addition, for hybrid workers, having one day dedicated to patching will allow for managers to plan tasks around this scheduled downtime, helping to avoid loss of productivity and disturbance to scattered teams.  

 3. Give IT teams the right tools to detect and patch in a timely manner  

To have effective security controls, understanding the assets you have within your “premise” is essential. Good asset management can help avoid security crises by enabling workers to take remedial action before a threat develops. The best patch management software will make managing and updating assets simpler and identifying vulnerabilities easier – by scanning for updates, reporting missing patches, and alerting to any weaknesses. 

Azure Virtual Desktop (formerly Windows Virtual Desktop) typically makes rolling out changes, updates and performing maintenance a lot easier. Regardless of the desktops you provide to your hybrid workforce, they all stem from a single desktop image which is bootable and can be updated or changed as required. These can also be deployed during a scheduled maintenance window, and the system can then rebuild the desktop pools so that the user will log-in to a fully updated platform the following day, potentially being none the wiser. 

4. Prepare for emergency patching  

Planning for emergency patching is not simple and will require some disturbance to workflow during a given period. Communicating to teams why an emergency patching plan is important will alleviate some of the disruptions and reiterates the need to embrace patching as part of your company culture. Hybrid teams often work on virtual desktops, like Azure Virtual Desktop (née Windows Virtual Desktop), Microsoft Teams, or access work documents via the cloud, so keeping them updated with any planned practice rollouts will allow them to reprioritise their workload and may even help to spot any potential problems.   

5. Conduct reviews and adjust your patching process  

Conducting a thorough review following an emergency patch rollout will enable you to understand the vulnerabilities that were present and monitor whether the patch update has been compliant, and the threat level has been significantly reduced.   

Consider the process and what worked well – were there any errors that could have been avoided? Is there a need to introduce a new stage of the process to ensure compliance? Taking the time to reflect on the actions leading up to the emergency patch and the impact of the update will help simplify the process for the next time there is a threat to your IT.  

READ MORE:

• World Environment Day: How tech can drive green energy growth
• Making it Stick: The post-pandemic data imperative
• How AI can put brands back on top
• Mimecast’s five steps to stop brand impersonation

6. Use a security partner who has end-users in mind  

Using a security partner who considers the experience for end-users means vulnerabilities are quickly picked up and rectified before they are exploited, and reputation is put at risk. Outsourced IT teams can schedule routine system updates around a time that is convenient for your company, eradicating the need for in-office-hours downtime and the wrath of disgruntled employees who were caught off-guard by the latest patch update cycle. This in turn gives peace of mind if an update happens to go wrong, with experienced IT teams identifying and correcting the issue without compromising security.  

Planning for an emergency patch is invaluable and will save your business interruption the next time your update goes wrong. 

Emergency patching can be a stressful time for all, but knowing your process inside and out will help you get prepared for the next time you need to roll out a fix.   

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter