The price of patching
Faculty of Health, Engineering and Science
School of Computer and Security Science
Patching and software updates are now an unavoidable aspect of modern IT usage. Users are all too accustomed to seeing related messages appearing, and software providers seem to have no qualms about releasing them on a regular basis. However, this raises the question of whether it has become too routine an expectation, and whether it is realistic to believe that people will actually keep up with the patch status of their systems. The exploitation of unpatched systems remains a serious risk to IT and the underlying cause of many incidents. Yet, despite advances in automated patching, managing updates can still be a challenge. As well as the sheer number of updates, other factors, such as limited bandwidth, can discourage people from patching as often as they should. Steven Furnell, Johan van Niekerk and Nathan Clarke consider these problems, paying specific attention to the issues that can be introduced for systems located in developing countries.

While we know that people should patch as often as they should, the reality is that we certainly cannot rely upon it – even in workplace contexts and in regions with readily available broadband connectivity. For example, to quote directly from the ‘2013 Information Security Breaches Survey’ in the UK: “Worryingly, the survey results highlight that many organisations have left themselves vulnerable by not applying patches”.