We are inundated with constant headlines
Thousands and sometimes millions of records stolen by hackers(the bad guys).
In fact the worst breaches are health records as in this article at Forbes.
“The number of annual health data breaches increased 70% to 344 over the past seven years, with 75% of the breached, lost, or stolen records – 132 million – being breached by a “hacking or IT incident,” a nebulous category created by the government that doesn’t appear to distinguish malicious theft from accidental loss.”
The difficulty of people losing control of their health records has not been felt yet. What will happen when a ‘fake’ medical record already received your monthly pharmaceutical allotments?
The crush of constant attacks and patching environment in the IT department causes much stress.
We have monthly patch updates for operating systems (Microsoft Windows) and the underlying software (MS Office, Adobe, Java, Financial SW, Cisco and others). The patches and vulnerabilities never end.
Next month there are new vulnerabilities and new ways that an attacker can achieve their aims.
Here is a snippet of the CVE Details website
Since 1999, there have been 112364 vulnerabilities, sometimes 16k in one year. This is a huge crush of constant updates in the IT departments of the world.
There is only so much time to install patches, to make sure the servers and systems are operating. So sometimes we have to make risk assessments:
Every department has to decide which systems to fix first. Make the decision with Risk – Impact analysis. I.e. which system if compromised will create more problems than other systems.
This constant crush of patching is exacerbated the more systems one has. As systems are not standardized the patching gets more complicated and vulnerabilities pile up.
So why do i say No Mas(No more)? It is because there is no end to the tough schedules, there will always be off hours patching, and off-hours work. No matter your personal lives or otherwise issues that arise in a regular life.
Having someone check on whether your systems are properly patched can help, as the high vulnerabilities should be the highest priorities. from there the medium vulnerabilities should be tackled. For PCI compliance one must work and resolve any vulnerability over 4.0
Contact Us to discuss