The second Tuesday of each month is what’s known as Microsoft’s Patch Tuesday. More recently, it’s even been called Updated Tuesday. It’s a day that some IT professionals dread, because depending on the number of software patches and updates that are released and the urgency with which those patches should be applied, it could be a long day or even the start of a very long week.

Software patching isn’t a sexy topic, but it’s one that requires coverage because of the current state of cybersecurity. Consider these security and device statistics:

  • Panda Labs identified over 84 million new samples of malware in 2015. As of Q2 2016, there were an average of 200,000 new cybersecurity threats detected daily.
  • According to Gartner, there are currently about 8.4 billion connected devices in use worldwide, and by 2020 there will be more than 21 billion.
  • The National Small Business Association says 42 percent of SMBs have fallen victim to cybersecurity attacks, and the average cost of those attacks is over $7,000 unless a bank account is hacked, and then the average cost climbs to over $32,000 per incident.

All these statistics point to the need for better overall security programs for SMBs, but especially the need for better patch management programs. The most recent bouts of ransomware that have been in the news—Wannacry and Petya—are just two examples of the damage that can result from unpatched systems.

The Danger of Unpatched Vulnerabilities

In the past, many programming vulnerabilities went unpatched for years because developers didn’t want to share information about the mistakes made during the creation process. And that’s essentially what a software patch is—a repair for mistakes made in the development process. When you realize that millions of lines of code go into creating a single program, you can understand how sometimes mistakes happen.

SMBs that forego patch management programs are at higher risk for hacking and ransomware attacks.

As with Microsoft, when a developer finds a mistake and creates a repair for that mistake, it’s pushed out to users as a patch or an update. You see on your mobile devices all the time in both the operating system and the apps you use. Here’s the frightening part of all of this. The same security patch or update notifications pushed out to you are also pushed out to hackers.

Hackers rely on the developers to let them know when there’s a vulnerability they can exploit. Once notified the hacker creates and exploit and then targets the most likely candidates that won’t install patches. That’s where SMBs face the greatest risk. Many SMBs assume they have nothing worth protecting, and they definitely don’t have the time necessary to work through the patch process, so they never install the patches.

Patch Management the Right Way

The challenge for SMBs is not in knowing they need to implement patches as they’re released. For many SMBs, the problem is in having the time to do it. If you’re thinking that applying patches is as simple as clicking Install, then you probably haven’t tried to patch a complex, customized IT infrastructure.

Complicated IT systems require that each patch be reviewed to prioritize the critical patches and updates. Then, the patches and updates need to be tested to ensure they won’t break your existing system. When an Update Tuesday includes dozens of patches and updates, you can see how it would create a mountain of work that most SMBs are not equipped to handle.

So what are your options? Ignoring the patches and hoping for the best is out of the question. Instead, SMBs need to develop proper patch management programs that help prevent the spread of malware and other malicious applications. Unfortunately, most SMBs don’t have the time or resources to develop and implement these programs. If that’s the case, reach out to a trusted partner, such as Advanced Network Solutions, who can help ensure all of your IT stays updated, patched, and secure.

Contact us today for a free consultation to learn more about how we can help ensure your IT stays patched and up-to-date.