Essential Eight: Patching Applications

Don't Leave the Back Door Open for Cyber Criminals


Cat Metcalfe

1/15/2025 · 3 min read


Essential 8 #2:

Patching Applications – Don't Leave the Back Door Open for Cyber Criminals

Alright, then. Yesterday, we talked about Application Control—being the bouncer at the door, only letting the approved apps into your system. Today, we're moving on to Essential Eight strategy number 2: Patch Applications. And, if I'm honest, this one's a bit of a pet peeve of mine—but in the best possible way, because it's so important!

Think of your applications like a building. Over time, cracks appear in the walls, windows get loose, and maybe a door doesn't quite close properly. These are your vulnerabilities – weaknesses that cybercriminals can exploit to sneak into your systems.

What is patching, and why is it so crucial?

Patching is like fixing those cracks and loose windows. Software vendors regularly release updates, called patches, that address security vulnerabilities in their applications. These patches are essential for keeping your systems secure. It's worth getting clued up on any new vulnerabilities that are released.

Why the urgency? We're talking 48 hours!

Here's where I get on my soapbox. The Australian Cyber Security Centre (ACSC) recommends patching "extreme risk" vulnerabilities within 48 hours! Why the rush? Because cybercriminals are constantly scanning for these weaknesses, and they're quick to exploit them. The longer you wait to patch, the greater the risk of a breach. You can use a vulnerability scanner to help you. That 48-hour window? It's a big deal. Treat it like one!

We're not just talking about your operating system here.

While patching your OS is vital (and we'll get to that later), patching applications is equally important. This means staying on top of updates for things like:

  • Web browsers: Chrome, Firefox, Edge – they all need regular updates.

  • PDF readers: Adobe Acrobat, Foxit Reader – a favourite target for attackers.

  • Office suites: Microsoft Office, LibreOffice – vulnerabilities here can be devastating.

  • Java and Flash: If you still need these (and hopefully you don't), they're notorious for security holes. The ACSC in fact recommends blocking Flash outright, which is good advice to follow.

  • Other applications you use daily: Consider any specialist software your business uses, like accounting packages or CRM systems.

This is a race against time.

Think of it this way: every unpatched vulnerability is like leaving a window wide open in your building. You wouldn't do that in the real world, so don't do it in the digital world.

How to make patching less of a headache:

  • Automate where possible: Many applications have auto-update features. Enable them!

  • Use a centralised patch management system: This can help you streamline the process, especially in larger organisations.

  • Prioritise "extreme risk" vulnerabilities: Focus on patching the most critical flaws first.

  • Stay informed: Keep up-to-date on the latest vulnerability announcements from software vendors and security organisations.
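To make the prioritisation step concrete, here is an added example (not Canzuki's tooling or ACSC code) that compares an application inventory against vendor advisories and orders the outstanding patches by the 48-hour "extreme risk" window. The application names, versions and advisory times are constructed, and it assumes the 48-hour clock starts when the vendor releases the advisory.

```python
from datetime import datetime, timedelta, timezone

EXTREME_RISK_WINDOW = timedelta(hours=48)  # the window quoted in this article

# Constructed sample data: names, versions and release times are illustrative only.
INSTALLED = {"ExampleBrowser": "120.0.1", "ExamplePDF": "11.2.0", "ExampleOffice": "7.6.4"}
ADVISORIES = [
    {"app": "ExampleBrowser", "fixed_in": "120.0.3", "risk": "extreme", "released": "2025-01-13T02:00:00+00:00"},
    {"app": "ExamplePDF", "fixed_in": "11.2.0", "risk": "extreme", "released": "2025-01-10T00:00:00+00:00"},
    {"app": "ExampleOffice", "fixed_in": "7.6.5", "risk": "moderate", "released": "2025-01-01T00:00:00+00:00"},
    {"app": "ExamplePDF", "fixed_in": "11.3.0", "risk": "extreme", "released": "2025-01-14T20:00:00+00:00"},
]

def version_key(version):
    """Turn '120.0.3' into (120, 0, 3) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def patch_queue(installed, advisories, now):
    """Return outstanding patches, extreme risk first, each with its deadline status."""
    queue = []
    for adv in advisories:
        have = installed.get(adv["app"])
        if have is None or version_key(have) >= version_key(adv["fixed_in"]):
            continue  # not installed, or already at or past the fixed version
        status, hours_left = "scheduled", None  # no deadline modelled for lower ratings
        if adv["risk"] == "extreme":
            # Assumption: the clock starts at the advisory's release time.
            deadline = datetime.fromisoformat(adv["released"]) + EXTREME_RISK_WINDOW
            hours_left = (deadline - now).total_seconds() / 3600
            status = "OVERDUE" if hours_left < 0 else "due"
        queue.append({"app": adv["app"], "have": have, "need": adv["fixed_in"],
                      "risk": adv["risk"], "status": status, "hours_left": hours_left})
    # Extreme risk first; within that, least time remaining first.
    queue.sort(key=lambda q: (q["risk"] != "extreme",
                              float("inf") if q["hours_left"] is None else q["hours_left"]))
    return queue

if __name__ == "__main__":
    now = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed so the run is reproducible
    for item in patch_queue(INSTALLED, ADVISORIES, now):
        left = "" if item["hours_left"] is None else f" ({item['hours_left']:+.0f}h)"
        print(f"{item['status']:9} {item['risk']:8} {item['app']} "
              f"{item['have']} -> {item['need']}{left}")
```

In practice the inventory would come from your patch management system or vulnerability scanner rather than a hard-coded dictionary.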

How Canzuki Can Help

Patching can be a complex and time-consuming task, especially when dealing with numerous applications and systems. Canzuki's vulnerability management and patch management service helps organisations like yours to effectively manage the entire patching process, from identifying and prioritising vulnerabilities to deploying patches and verifying their effectiveness. We can ensure your systems are always up-to-date, significantly reducing your risk of a cyber attack.

Call to Action:

Don't let patching fall by the wayside. Contact Canzuki today to learn more about our vulnerability management and patching services and how we can help you implement this crucial aspect of the Essential Eight.

Ready to seal those security cracks?

Call us at +61 2 7227 9388 or email hello@canzuki.com.

Bottom line:

Patching applications is a fundamental security practice. It's not glamorous, but it's absolutely essential for protecting your organisation from cyber attacks. By patching promptly and effectively, especially within that 48-hour timeframe for critical vulnerabilities, you're closing the door on cyber criminals and keeping your data safe.

Tomorrow, we'll tackle the next Essential Eight strategy. Until then, stay vigilant, stay patched, and don't give those cyber crooks an easy way in!