When it was released in 2015, Windows 10 met a barrage of controversy for its forced updates. The prevailing fear among business users, in particular, was that mandatory updates would get in the way of everyday routines, while malfunctioning updates could potentially even leave the systems unusable. While these are legitimate concerns, they’re not nearly good enough reasons to defer critical security updates designed to make your computers safer. The truth is that many people have developed the habit of delaying or even canceling updates to avoid disruption. But nothing causes disruption more than a cyberattack.
What’s at stake?
Outdated software has been found to be the culprit in many data breaches large and small. One of the largest ever, which targeted the Equifax credit rating agency in 2017, saw the theft of records belonging to up to 147 million American citizens. Hackers obtained social security numbers, birth dates, names, and addresses, all of which are valuable on the black market to other cybercriminals who use such information for identity theft and launching phishing scams. The hackers succeeded by exploiting a software vulnerability that had been patched two months before. The incident would never have happened if Equifax had kept its systems up to date.
Understanding the technology support life cycle
All technology manufacturers have an obligation to support their customers for the predefined life cycle of their products. Microsoft typically grants around 10 years of support for its operating systems, for example, during which it will continue to deliver critical security updates. Updates also apply to any system that has some form of software, such as network routers, internet-connected smart devices, and even the individual components that make up your computer.
Eventually, there comes a point where it’s no longer economical for a manufacturer to continue supporting old products, the end of support for Windows 7 this January being a prime example. When a technology product reaches the end of its support life cycle, the manufacturer won’t release any more security updates for it, thus potentially leaving the device vulnerable to an attack.
Of course, this sort of planned obsolescence is controversial, the concern being that vendors just want you to keep paying for upgrades. That’s true in some cases, but it’s also important to remember that it’s generally more constructive for technology companies to focus on the development and support of new products that meet new demands. If you’re not convinced though, you may want to consider using cloud-hosted systems, which are kept up to date by the vendor.
Which systems should be updated?
Every device that connects to the internet runs software, which hackers may try to exploit. Smaller single-purpose devices, such as IoT systems, network routers, point-of-sale systems, and embedded machines might not seem to have much in common with computers at first glance, but they all run firmware, which is effectively a very basic operating system in the form of coded instructions for operating the underlying hardware. So long as the device handles any potentially sensitive data and/or is connected to your wider network, that firmware needs to be kept up to date if any security patches are released.
A good example is network routers, many of which are potentially vulnerable to KRACK attacks, which exploit WPA2 wireless security. Fortunately, many manufacturers have released patches to address the issue.
Computers also need to be kept up to date with the latest security patches, but there’s more to it than automatic operating system updates. You may also need to update your applications and device drivers, and possibly even the BIOS or UEFI firmware, which runs from a chip on the motherboard.
Fortunately, most updates can be automated using a unified patch management solution.
JAD Technologies provides proactive IT support services that keep your systems up to date and efficient. Talk to our team today to find out more.