Cyber Hygiene – Patching is Caring

Cybersecurity professionals often advise users to keep their systems and devices up to date because threat actors can exploit unpatched vulnerabilities, resulting in a debilitating cyber-attack. After a vulnerability is first disclosed, it only takes approximately 30 days for threat actors to begin exploiting it. Despite the insistence from the cybersecurity community, organizations leave devices unpatched for years at a time, making them susceptible to old exploits. In May 2017, an outbreak of the WannaCry ransomware occurred, infecting hundreds of thousands of devices around the world, including those at Britain’s National Health Service (NHS). The ransomware weaponized the EternalBlue exploit, which targets a vulnerability in Server Message Block (SMB). Microsoft patched this vulnerability and provided updates for systems two months prior to the incident. Now, over two years later, WannaCry attacks are on the rise as many devices are still left unpatched, exposing them to exploitation. While patching systems can take time, it is a necessary practice to protect your network and data. The NJCCIC highly advises users and administrators to patch all software and hardware as updates become available and after appropriate testing. Please review the NJCCIC Cybersecurity Best Practices guide for more cyber hygiene tips.
