Apply security patches and software updates

To gain access to your systems, cybercriminals scan endpoints exposed to the internet and identify any unpatched or out-of-date software, operating systems and hardware. They look for weak links anywhere — laptops, programs, Wi-Fi routers, mobile phones, etc.

Keeping your software, systems and devices up to date is the simplest and most effective thing you can do to mitigate risks tied to outdated and vulnerable software.

Various exploits that take advantage of vulnerabilities become available, often within a day of a patch being released. In some cases, exploits are developed for vulnerabilities that have not yet been identified, referred to as zero-day exploits. Patches for these are typically released pretty quickly upon discovery of exploitation and should be applied immediately to prevent compromise, data loss, financial loss and denials of service.

Next steps
• Establish and routinely update your organization’s patch management program: Ensure updates are installed on release. If you use automatic updates, be sure to routinely audit your systems to make sure patches were applied. Use threat intelligence to stay on top of news regarding new patches for vulnerabilities being actively exploited.
• Upgrade or decommission devices and technology that are end of life (EOL): Once software has reached EOL, vendors no longer support it, and as a result, it is no longer protected against vulnerabilities and exploits that are discovered.
• Ensure updates are being applied to hardware, not just software: Routers, wireless access points, firewalls, smart devices and mobile devices are all frequent targets of exploitation. Make sure you have a reliable asset inventory so you have a list of all of your physical devices you need to apply updates to.