To Update Or Not To Update, That is The Question
The majority of us, if not all, have seen the message that says “Press Here to Update now or Schedule for Later.” I am sure that 99.9% of the time you press the let’s do this later button. Here we will cover why you should take those extra minutes and accept the modification request from all your systems to include IoTs.
Imagine you are on an expedition to the north pole, you have all the necessary equipment and preparations needed to survive the harsh environment you are about to encounter.
While you are in the north pole battling the frigid weather, you notice a hole in one of your jacket’s layers and you contact the company to let them know about the defect. The jacket company identifies that the defect you reported is affecting these types of jackets. They send you a patch with the installation instructions to cover the hole so you do not freeze to death when you start your climb.
Instead of applying the patch immediately you decide to put it in a drawer because you don’t have time now to get the patch sawed on, telling yourself;
“I am busy, I will get it done later, what is the worst it can happen?”
The climbing trip you were so excited about started early because someone canceled. During the climb, a tree branch gets caught up in the hole and rips the jacket open. One of your layers of protection against the deadly cold is compromised. Now, the frigid cold wind penetrates into your boundary increasing your risk of dying from cold exposure.
When you decide to postpone updates/upgrades for a later time nothing might happen. But your risk of losing private data, photos, video (yes, those photos and videos in the “Work Files” Folder) increases drastically.
Next, let me explain the difference between update/upgrade and why is so important to apply them as soon as you get the notification to do so.
Update
Is making small changes to fix issues that could affect the integrity of the product. In the jacket example, the identification of the hole and the company sending you a patch is an update.
Upgrade
Is when later the jacket company identifies that the issue with the jacket is that the material is too fragile and they send you a new jacket with a stronger outer layer material. Upgrading refers to major changes to an item that implicates the removal of the identified bad (product, software, systems, etc.) and replacing it with a better one.
Updates/Upgrades to software and/or applications (Word, Skype, World of Warcraft, etc.), and operating systems (Win10, IOS 11, etc.) are reinforcements to cover a hole (error). Many of the layers of protection that you have worked so hard to implement can be undermined by a hole left open by “YOU” pressing the “Do it later” button.
Why is Important?
let me give you a peek into the mind of an attacker and how happy you make them when you leave holes open in your protection boundaries.
When an attacker is trying to get into your boundary of security, one of the first steps is to identify your systems. Then, research the different vulnerabilities (Holes) of that system’s software, operating system and applications. There are many free tools available in the wild that include the locations of these holes, and automatically guide you to the exact pathway inside.
Once they are inside they will have access to everything that systems process/handle and the trusted relationships that system has developed. Because of those system’s trusted relation the attacker now has the chance to move to other systems in your network. This is called “Lateral Movement“, that is the next goal of an attacker after breaching the first layers of defense.
I am not saying that updating will protect you from 100% of the attacks, but it will make it that much harder for an attacker. Just as the example of the jacket being ripped by the branch, the hole provided the branch with the hold it needed to tear the jacket completely open. If the jacket did not have the hole, it would have been harder or impossible for the branch to rip it open.
In conclusion, do not leave for tomorrow what you can do today, because by then it might have been to late.
