Page 12 - SEP OCT 2019 CFESA Mag website
P. 12
PATCHING AND DATA In either case good software companies
RECOVERY will develop and issue security patches
FRED LONGIETTI in a timely fashion.
CAROLINAS NET CARE LLC
Once a patch has been issued the
vulnerability it fixes becomes widely
In previous columns I discussed four
of the six pillars of technology security known. Now the hackers know about
- end point protection, network pro- it and can develop malware to take
tection, email protection and employ- advantage of the vulnerability. There-
ee training. In this article two others fore, when patches are available but not
patching and data recovery will be applied your risk is much higher than
addressed. it was before the patch was released.
The conclusion is it becomes extremely
important to apply software security
Patches and software updates are sup-
plied by the original manufacture and patches as quickly as possible. And to
are changes to their software. There do that you need to have a system in
are a number of reasons software place for regularly applying patches to
developers issue these patches includ- all of your software.
ing improving compatibility with other
software and hardware, improving per- The final security component to be
formance, adding features and making addressed is data recovery. The goal
changes to how the software commu- of backups should always be data re-
nicates with the software manufacturer. covery. In general data recovery can
When addressing security, patches that perform many functions. These include
update software to prevent improper restoring a file deleted by employee
use is what we need to be concerned error or malevolence, restoring data
with. destroyed or ransomed by a software
attack and restoring entire systems
damaged by disaster. Backups can also
The most dangerous and damaging
improper use of software is exploitation be used to provide a previous version of
through software vulnerabilities. A vul- a file or be used to audit files.
nerability is a weakness that can be ex-
ploited to perform unauthorized actions Software attacks can attempt to take
within a computer system. In today’s control of your access to data by chang-
world researchers (both the good guys ing permissions or encrypting data,
known as white hats and the bad guys deleting data altogether, falsifying data
known as black hats) actively analyze and siphoning off files. For most small
software. White hat researchers will to mid-size businesses the primary risk
notify software manufactures in private is “Crypto” attacks. In these incidents
about a vulnerability so they can create the perpetrators take control of your
and issue a patch to fix that vulnerabil- data and they are counting on compa-
ity. Black hats (both criminal and gov- nies not having a sufficient recovery
ernment) tend not to reveal their find- strategy. Ill-advised backup strategies
ings and in those cases the vulnerability include only doing nightly or daily back-
is not known until it has been exposed. continued on page 21
12 CFESA Magazine | SEP / OCT 2019 | www.cfesa.com
