Owl Cyber Defense
Secure by Design
banner-gradient.png

Owl Blog

Cybersecurity, Technology News and Insights

 
 
2018-Welcome.png

After months of planning, we are thrilled to launch our new blog! Here you’ll find the hottest cybersecurity tech trends, latest industry news and helpful tips and tricks in mitigating cyber threats. As we continue to learn more about what our readers are interested in, we will work hard to create valuable content to help cyber security professionals with product innovations, news and insights on laws and regulations in #InfoSec.

We wanted a new way to collaborate and communicate with our community, share multimedia such as videos, use cases and other helpful resources. Visit often we have lots to share!

We look forward to growing with you as we embark on this new journey. Don’t forget to subscribe above and follow us on social media! Thanks for coming by!

- TEAM OWL


 
 

The Importance of Routine System Updates

 
By Phil Won
Product Manager

January 10, 2019

The Importance of Routine System Updates

Raise your hand if you’ve ever felt a pang of guilt when your doctor reminded you to eat healthier and exercise more at your annual check-up. My hand is up. Of course, no one wants to lead an unhealthy lifestyle, but alas, life gets in the way and the ever-growing list of things to do keeps getting longer. So you tell yourself you’ll start tomorrow – and tomorrow goes on for months.  

Don’t you feel that same strike of guilt when you receive an email alert to update your systems software or firmware? You know you should perform the update, but there are new initiatives to implement, processes to be optimized, and sometimes very costly downtime to consider, so you make a mental note to address it later. Besides, it took plenty of time and effort just to get everything up and running, tuned and optimized, so why mess with a good thing?

However, just as it’s not good practice to ignore our health, prolonging or ignoring a software update could expose ICS/OT and IT networks to attack and possible breaches. These system updates provide critical fixes to newly identified security vulnerabilities and exploits (unfortunately, these continue to be found by hackers) and other minor and major software bugs, as well as new features and functionality.

So important are they that the U.S. Department of Homeland Security included guidance on them in their white paper, Seven Steps to Effectively Defend Industrial Control Systems. Under proper configuration/patch management, the paper states: “Adversaries target unpatched systems. A configuration/patch management program centered on the safe importation and implementation of trusted patches will help keep control systems more secure.” Especially as standard (and more vulnerable) IT solutions such as Microsoft Windows are utilized on more and more ICS workstations and servers, it is even more important to make routine system updates an integral part of everyone’s cybersecurity best practices.

Despite all this, when balancing the need to protect from possible threats with the daily pressure to maintain peak operational efficiency and integrity of production processes, it is still easy to default to addressing the here and now. However, the longer the system goes without updates, the greater the number of potential threat vectors, the amount of eventual work to update to the latest software revision, and the potential for older systems to age out of support availability (when patches for older systems are no longer produced).

Sometimes there may be reasons why regular updates are just not feasible (see the recent article What If You Can't Patch? for ways to address these situations), but for everyone else, here are some basic cybersecurity and software update best practices to follow:

  • Stay informed of the latest threats and vulnerabilities. Awareness is the first step to taking action.

  • Verify that the software updates are from your trusted solutions provider.

  • Update and patch critical system vulnerabilities at a minimum. The downtime will be more than offset by the disruption and cost to your operations if the system is corrupted.

  • Keep your systems up to date before they become obsolete and no longer supported.

With the start of the new year, it’s the perfect time to start making a habit of routinely updating your system software! The health and security of your systems and your IT department will thank you one day. Now excuse me while I go purchase a gym membership.