Unitec IT Solutions Director Luis Marques details the risks of not performing IT maintenance, and how his Unitec’s Centralised Services NOC (Network Operation Centre) team help to keep you protected.
Cybercrime is at an all-time high and is currently tracking to be an annual cost of €4.8 Trillion by year 2025 (4 years’ time). 2021 is currently thought to be €5.4 Trillion.
There are 2 main types of patch / security vulnerabilities in operating systems.
- Regular (Unpatched) vulnerabilities (that are known, and a patch has been released to address the vulnerability (to secure the Operating System)
- Zero-Day patch / vulnerabilities – these a vulnerabilities that the manufacture / Vendor don’t even know exist yet but are discovered by hackers, hacktivists or state-backed Persistent Threats groups (such as the North Korean, Chinese, Russian, Israel or even USA governments funded military hackers)
A whopping 34% of all ransomware attacks in Europe successfully breach computing networks / systems due to known, unpatched vulnerabilities – in other words, these devices / networks were ransomed due to operating system patches addressing such vulnerabilities never being installed. This is higher than the global average of 27% (Source – https://www.tripwire.com/state-of-security/vulnerability-management/unpatched-vulnerabilities-breaches/)
A prime example of such a failure would be the UK’s NHS WannaCry ransomware attack on 12th May 2017. The NHS had been warned of the ransomware vulnerabilities and their need to patch their systems and migrate away from old software and operating systems no longer supported around 12 months prior to the attack taking place. 2 months prior to the attack, the NHS was again warned to patch their systems immediately and yet, failed to do so.
Similarly, we recently experienced a critical ransom of the Irish HSE in May of 2021. The most common methods of infiltrating networks (also known as attack vectors) by these criminal gangs and / or organisations is to attack unpatched / unprotected or poorly configured Remote Desktop Sessions, delivery by Phishing email and in taking advantage of unpatched / vulnerable hardware and Operating Systems such as Windows ® 10 desktop operating systems. Once they are in on a single device, they scan and seek out vulnerable servers / devices on the network.
To safeguard your networks and endpoints, especially due to the added risk of decentralised computing (such as remote telecommuters / working from home) it is absolutely key to take a multi-facetted, multi-layered approach, especially now, in protecting your data and systems from cyber criminals.
No longer is it good enough to just have a firewall in place to protect your perimeter, no longer is it good enough to only have a traditional Anti-Virus installed on endpoint devices.
We need to take a holistic approach to protecting our clients endpoints – and, step 1 in this approach is to ensure that critical data / computing systems are patched with the latest security vulnerability patches from Microsoft and from 3rd party vendors such as Adobe Reader® etc.
Microsoft have 2 patching regimes in use currently that ultimately ensure that your system is protected from Malicious software, fix Issues and bugs and to access new Windows and Software features. These 2 regimes are.
- The Windows 10 Feature Updates (Run as a Semi-annual patch / upgrade)
- Windows 10 Quality Updates
Feature Updates
These types of updates are effectively “new” versions of Windows 10 / Server operating systems and are available for download during the spring (generally in April / May) and autumn (Generally in October / November) time frames
For this reason, these are known as semi-annual updates / releases and extend support for your operating system by a further 18 months. This following piece is of absolute importance….
Once the support cycle ends for that version (18 months after release), you MUST UPGRADE to a supported version in order to continue receiving SECURITY and NON-SECURITY updates and patches.
This means that if you do not upgrade to the latest support feature patch, the regular quality patching (security patches) will cease!
Rollout of feature Updates begins to consumers and then to business customers through Windows Update as an optional update, which users must install manually. However, devices with an installation nearing the end of service will receive the feature update automatically to maintain the system secure and supported. Microsoft now take the view of forcing updating of Feature patches in the interest of ensuring your operating system remains secure.
It is for this reason that Unitec’s Centralised Services NOC (Network Operation Centre) team are proactively monitoring the features update cycles and ensure that these are pushed to our clients in a more controlled environment as Microsoft’s intrusive rollout regime. We encourage all users to take an active role in helping us secure your devices and networks by taking a positive approach to patching. A feature patch is released effectively every 6 months and is a small cost of 2 events per year, to keep your systems secure as best possible.
Quality Updates
Quality Updates (also referred to as “Cumulative Updates” are the traditional, mandatory updates and patches that are released by Microsoft on every second (2nd) Tuesday of every month – more commonly known as “Patch Tuesday”.
These patches do not include “feature” updates and are purely used to deploy bug fixes, patch security vulnerabilities and improve reliability of the operating system of desktops and servers. These are the important security patches.
These are generally installed and patches each Friday for desktops, and each Sunday for Servers unless a newly discovered zero-day vulnerability is found or made public and Microsoft® release and emergency patch to resolve that vulnerability – here the patch will be pushed out immediately as the risk associated with such zero-day vulnerabilities is exceptionally high – attackers take advantage of the fact that end user are generally slow to patch, this is when we typically see high volumes of attacks taking place as attackers race to gain access to systems prior to end users patching their systems.
It is important to stress here again that these security patches are not able to be updated / installed if your feature update version is no longer supported. It is therefore very important to carry out the semi-annual feature update in order to receive these crucial security patches going forward.