What Are Security Patches and Why Are They Important?
You may have heard the tech term “patches” thrown around the office or mentioned in news segments, but if you’re not already familiar, you should be. Patches are perhaps one of the single-most important cyber security tools that the everyday tech user needs, right up there with things like anti-virus software and scanning filters.
A patch is a small piece of software that a company issues whenever a security flaw is uncovered. Just like the name implies, the patch covers the hole, keeping hackers from further exploiting the flaw. A number of holes have been exploited with severe consequences before their developers’ could create a patch, including the Heartbleed virus in 2014 and the recent WannaCry ransomware attack that struck just this month.
WannaCry hit more than 200,000 computers and networks before a 22-year-old cyber security whiz identified and activated a kill switch. Some of the hardest hit networks were hospitals, as their systems were locked up by the attack. This resulted in the loss of patient care, and some facilities even had to turn away patients due to the inability to access any of their computers. The only way to unlock the computer and remove the ransomware was to pay the fine in bitcoin to the hackers, at least until the block was discovered.
Microsoft had already issued a patch only a matter of weeks ago for the particular hole that led to WannaCry, but many users had either not installed it or did not have automatic updates activated on their systems.
Whenever cyber security experts, researchers, or even just highly knowledgeable “hobbyists” discover a new flaw, the typical protocol is to alert the software developer immediately so they can issue a patch. They do not usually make the discovery public. This might seem counterproductive since typically the public can’t take action to protect themselves, but experience has shown that informing the public also alerts hackers to the existence of the flaw. By only telling the developers first, hopefully they will close up the hole before anyone else discovers it on their own.
Unfortunately, this kind of secrecy—while necessary to keep hackers from launching new malware attacks—also means that if the developer themselves discovered the hole and patched it in the next regularly scheduled update, you may never know about it. That’s why it’s very important to keep all of your software and handheld devices up-to-date; depending on your comfort level with your own tech you might choose to set your computer to automatically install any new updates from the developer.
If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.