Updates… Not That Complicated?

IT security is not just a matter of updating Windows, macOS, or Linux.

There are many aspects to security, but today I want to talk more about vulnerability management.

When we talk about vulnerabilities, many of you will think of Windows Update. That tool that runs regularly to install security patches and new features. If you have an Android phone or an iPhone, you will notice that apps are updated often.

So we can say that manufacturers take their responsibility and fix the security holes discovered in their products.

If you do not follow technology news, it is likely that several vulnerabilities slip past you without you even realizing it. For example, today we learn that a D-Link storage device is affected by cr1pt0r. A piece of malware that encrypts any vulnerable device connected to the internet. A company that contacted us was using this device. When the general manager spoke with me, he said they all run automatic updates on their computers and that he did not understand why all his files and backup copies were now encrypted.

I use this example to illustrate the importance of vulnerability management as a whole. It is good that you have done your updates… but what about the other devices? Are the servers updated? What about firmware versions? And your router? Your switches? Your firewall? When will the technology products reach end of life? Do we have an upgrade plan? There may be elements that cannot be updated (as in the case of the company that called us). In that case, it is important to know and reduce the risk to a minimum. To take the example again, we could have kept backup copies outside this vulnerable device, or simply replaced it. It is important to have an overall view of your IT environment and to manage everything as a whole. We can never say it enough: security is like a chain. It is only as strong as its weakest link. At MMO Techno, we look at your entire solution in order to take a holistic approach.