If your business has any IT resources at all and is connected to the Internet, it’s not a question of if you will suffer a security incident; it’s just a matter of when.
Just how bad such an incident will be comes down to your patch management strategy. Patch management is critical in any size company, from the sole proprietorship to the international enterprise, and keeping up with the patching on every single server and workstation on your network is the most effective thing you can do to minimize your exposure to the threats facing your network.
There are several different ways that malicious attackers can compromise your network. Malware infected email attachments and downloads, worms that propagate from system to system, and compromised websites that deliver harmful scripts to browsers, all tend to take advantage of unpatched vulnerabilities in your operating systems, web browsers and other applications to do their damage. Guessing passwords and finding unsecured ways into networks are still out there, but it is much easier to probe for an unpatched webserver, and that same activity is usually much more difficult to detect. Once an attacker finds a flaw, they can easily exploit it with any number of canned attacks. There are even frameworks where people can create “hack in a box” type plug-ins that anyone can use, with no programming experience required. (Read More)