The constant updates being pushed to your phone, computer, and other devices can get annoying. But they serve a crucial purpose in your company’s cybersecurity. Even a small delay in how quickly you install a new update or patch can make you a sitting duck for hackers. And as time goes by, the situation only gets more dire—the software industry has caught more zero day vulnerabilities in the past year than ever before. Let’s go into a few of the reasons why only running up-to-date software and staying on top of OS updates are so important to your business’ efficiency and cybersecurity.
Patches and Zero-Day Exploits
A zero-day vulnerability is a known vulnerability in a given system or software that has not been patched and can be an attack target for hackers. Until this vulnerability is patched, it is a wide-open door for any bad actor. Unfortunately, zero-day exploits are fairly common, and to fix them, end users have to download updates and patches. Turning on automatic updates and upgrading operating systems and other software that are no longer supported will help you stay on top of mission-critical updates and patches.
End of Life and “No Longer Supported”
Speaking of systems that are “no longer supported,” what does that really mean? When a company like Microsoft or Apple launches a new version of Windows or iOS, they will start phasing out the old version. Initially this means that new devices—new phones, desktops, servers, and the like—will only come with the new version of the operating system. But eventually, companies stop issuing updates and patches to any device running on the old operating system. This means the operating system is “no longer supported” and has reached its end of life; generally, any zero-day exploits discovered past this date will not be patched.
Case #1: Apple iOS Zero-Day
If it seems like everyone has an iPhone, that’s because there are more than a billion active iPhones around the world, and roughly 100 million iPhones in the U.S. alone. Many companies provide iPhones to their employees as mobile business phones. This makes iOS, the iPhone operating system, a prime target for hackers. Apple pushes urgent updates every few months, often to patch a new zero-day exploit for iOS. The most recent iOS zero-day, which was just patched this April, allowed bad actors to execute arbitrary code with kernel privileges via an app. Time is of the essence with this and any other zero-day; any iPhone that has not updated and installed the patch can still be hacked via this now widely-known vulnerability.
Case #2: Windows 7 End of Life
The Windows 7 operating system reached its end of life—the date at which the operating system is no longer supported by Microsoft—on January 14, 2020. While that was over two years ago, many individuals and companies are still using Windows 7 on machines connected to the internet. Private and government cybersecurity organizations, including the FBI, have been sounding alarm bells for years about the risks of continuing to use any software past its end of life date, particularly Windows 7. Those warnings are well-founded; the devastating 2017 WannaCry ransomware attacks were targeted at machines that had failed to install a critical Windows 7 patch. Since the Windows 7 end of life date, a number of new zero-day vulnerabilities have been made public.
Keep Your Software Up-to-Date with a Managed IT Provider
Zero-day exploits are an increasingly popular way for hackers to gain access to your systems and network, where they can go on to cause irreparable damage. Making a small investment in your technology now—replacing machines running outdated operating systems, turning on automatic updates, and finding an IT provider to keep you up-to-date on patches—can save you from a costly and reputation-damaging breach. Learn more about managed IT by contacting your Digital Agent.
Kate Lewis
Marketing & Sales Coordinator
Digital Agent
Follow Us:
