Need help - Ask Roger

The complex world of protecting your organisation from the internet-based cybercriminal can be daunting for most.As a C-level executive, manager, owner or board member of a not-for-profit organisation, a charity or a small or medium enterprise you are faced with a number of issues related to data.This podcast is here to help you, from simple solutions to complex strategies. It will address as many as possible.Business is all about risk, revenue, brand and productivity.A cyber event can impact all of them.

All Episodes

Need help - Ask Roger

Why do we need to patch?

November 22, 2021 • Director • Season 1 • Episode 3

In the last 2 episodes, we have focused on passwords - unique, complex and more than 12 characters.

We also know that account credentials can be stolen and we needed additional security

Enter 2FA or multi FA

Username = who you are

Password = what you know

2FA / Multi FA = what you have

If we need access to data then we need these systems.

But the bad guys often do not need an account to get in.

There are other ways

One is to target vulnerabilities.

To target vulnerability, we need a crash course in hacking into systems.

2 components - we need a shell and a user (that user can be a service account)

I will go further into vulnerability management, so let's just say that there is a vulnerability effectiveness scale and any one of them between 9 - 10 give us both those requirements.

Malware is used to target vulnerabilities on applications, operating systems,

How do we stop the bad guys from gaining access?

In this episode, we are going to focus on patching.

Patching, updates and why we need them

A little History

2 of the biggest issues from not patching - eternal blue and code red

What about target

Why do we need to patch

Updates vulnerabilities that have been discovered

Adds additional functionality

Protect your data against attack

Protecting others

What is patching doing

Repair vulnerabilities

Updating software

Replacing code

Stops malware from getting a foothold

Stops exploits

Minimising downtime

Compliance and governance requirements

How can we patch effectively

Best practice

Implement automation - patch management

Operating system patching

Everything needs to be patched - computers, smart devices, IoT devices, Cloud-based systems, websites, routers, switches,

Do it regularly

Have you checked your website recently?

Get into the habit of patching

Application patching

Applications including java, adobe, vendor based apps

Open, do it, close, open then patch

Automated systems can be used

Most MSPs have a patching process.

Other patching information

16.555 vulnerabilities were discovered in 2018

Vulnerability scanning - how it is used.

Large organisation automate it as much as possible and enforce it

Even larger organisation have separate systems - production and test and test updates and patches on the test environment first

What happens if there is no patch?