Patchy Protection – the Cybersecurity Limitations of Software Updates

by | Oct 26, 2022 | Thought leadership

The importance of keeping software regularly updated is one of the key themes for Cybersecurity Awareness Month in 2022. As the event organizers explain,“one of the easiest ways to keep your information secure is to keep your software and apps updated.”

This is very sound advice, and the patching process has become an important and regular event on the global cybersecurity calendar. ‘Patch Tuesday’, for example, takes place on the second Tuesday of every month when Microsoft and other software vendors release a range of software fixes – some of which deal with critical vulnerabilities. It offers an ideal opportunity to address emerging risks for IT and security professionals the world over.

The problems don’t end once updates have been installed, however. New zero-day risks and vulnerabilities can emerge as quickly as 24 hours later on ‘Exploit Wednesday’ – seen as an ideal time for cybercriminals to develop further exploits for systems that haven’t been updated.

What’s more, part of the challenge with fixes and updates is that they can cause critical performance issues for some of the users who have downloaded them. As these issues are identified, IT teams use ‘Uninstall Thursday’ as the time to remove the components in question to get their systems running normally again.

Patchy practices

One of the other problems with software updates is that not everyone has got into the patching habit. NCA research, for example, shows that nearly a third (31%) of US/UK respondents say they either “sometimes,” “rarely,” or “never” install software updates.

What’s more, most security strategies are designed to react to security risks, particularly those that arrive through the billions of files and documents being sent and shared every day. In the crucial period before vendors release patches, new zero-day exploits can remain active, undetected, and embedded within files for up to 18 days until antivirus and sandboxing technologies are updated to mitigate the risk or software fixes emerge.

Given approximately 1 in every 100,000 files contains malicious content, with 98% unknown to antivirus solutions, these remain invisible to reactive cybersecurity technologies. As a result, file-based zero-day exploits have become a preferred way for cybercriminals and nation-state hackers to gain access to networks or to deliver malware.

In contrast, Glasswall takes a proactive approach to file-based threats – our zero-trust CDR (Content Disarm and Reconstruction) technology identifies and removes risky, zero-day file-based threats from all files – minimizing downtime and disruption often caused by traditional reactive solutions.

The process requires no blocking, no patching, and with no false positives to hold back important business documents, only safe, secure and trusted files are delivered. The result is that when every file is sent or received – via email or the cloud – it can be treated with confidence by organizations that are fully protected from zero-day malware threats.

Try Glasswall CDR on your browser or device

Related

Use Cases

Secure Email

File Uploads and Downloads

Malware Risk Removal

Metadata Removal

Cybersecurity Crisis Response

Cybersecurity Crisis Prevention

Cloud Native Integrations

Data Migrations

SDK Integration

Resource Library

Blog

Events

support lines

Support

Glasswall CDR Portfolio

Reactive cybersecurity is failing - it’s time for a better way. Traditional detection-based security methods play catch up with new threats. Find out how your organization can take a proactive approach to cybersecurity.

strategic alliances

About our Partner Program

Our Partners

Become a Partner

Bringing File-based threat protection to your customers

Offer a richer security portfolio with the most agile CDR platform on the market. Stand out from the competition with a partner program built for you. Let’s make files safer together.

About Glasswall

Our People

Careers

communication

Contact Us

support lines

Support

Raising the bar on file security

We believe people should be free to open their files without fear. To click on anything without risk of catastrophe. To use systems the way they were meant to be used. That’s why we’re raising the bar on file security at Glasswall.