Protect Yourself from Cyber Attackers Exploiting Software Vulnerabilities
In league with October as #CybersecurityAwarenessMonth, we are addressing the “Power of Updating”.
Cyber attackers constantly hunt for new software vulnerabilities, which are mistakes or weaknesses in how software is developed. These vulnerabilities can find in all sorts of software, from the operating system on your computer to the apps on your smartphone to the software that controls your thermostat. Cyber attackers exploit these vulnerabilities to gain remote access to your systems and steal your data, install malware, or launch other attacks. Software and hardware vendors constantly work to correct and fix discovered issues as quickly as possible. That’s why it’s important to patch early and patch often to avoid cyber attacks.
This is a list from CISA that provides known software vulnerabilities. You can always stay informed using this list: Known Exploited Vulnerabilities Catalog | CISA
Prioritize patching your software and hardware quickly after patches are released to avoid cyber-attacks and protect yourself from potential compromised patches.
- Check the software you use to see if there is an automatic update feature functionality. If there is not an automatic update feature, then go to the vendor page for the patches:
- Update iOS on iPhone – Apple Support
- Check & update your Android version – Android Help (google.com)
How “Updating“ Works
Upon discovering a software vulnerability, the vendor or developer creates a software fix, known as a patch, to address the vulnerability. They then publish the patch for installation. To avoid cyber attacks, it is crucial to patch early and frequently.
Patch early: Attackers relentlessly seek novel methods to exploit software vulnerabilities. Once a vulnerability is discovered, they can immediately begin developing exploits to take advantage of it. By patching early, you can minimize the time attackers have to develop and launch exploits.
Patch often: New vulnerabilities are discovered all the time. By patching often, you can ensure that your systems are protected from the latest threats.
Examples of software you may need to update:
- Operating systems (such as Microsoft Windows or Apple macOS)
- Home networking equipment (such as your internet router or Wi-Fi access points)
- Home smart devices (such as thermostats, doorbells, home appliances, or security cameras)
- Programs that run on your devices (such as your laptop’s web browser or your phone’s mobile apps)
This is why it is very important whenever you purchase a new device, install a new computer program, or mobile app, to also check the vendor’s website for any missing updates. This helps to ensure that you have the current software or device updated with the latest software and hardware patches. Remember to “Patch Early and Patch Often” to avoid cyber attacks.
The longer software goes without any updates, the more likely it is to contain vulnerabilities that can be exploited by attackers.
Here are some tips for patching early and often:
- Enable automatic updates for your software whenever possible.
- Regularly check for updates, even if your software is set to update automatically.
- Prioritize patching vulnerabilities that are known to be actively exploited by attackers.
- Have a plan for testing patches before deploying them to production systems.
By following these tips, you can help to protect your systems from cyber-attacks.
How to Update Your System
There are two ways to update your systems:
- Manual (the hard way):
You can manually download and install an update when it is available. This gives you more control over which updates are installed and when. However, the disadvantage of manual updates is that it is much more work, as you must track when each of your devices or programs must be updated and update them manually.
- Automatic (the easy way):
Enable automatic updating on all your devices. This means that whenever a new patch is released, your device will automatically download and install it. The advantage of automatic updates is that most of the work is done for you. However, when you enable automatic updates, be sure to regularly check your system to ensure the updates are happening.
Here is a great article from CISA (Cybersecurity and Infrastructure Security Agency) regarding Patches and Software Updates: Understanding Patches and Software Updates | CISA
Of the two approaches, we highly recommend you enable and use automatic updating on all your personal devices. This ensures that all the technologies you are using, from your smartphone and laptop to your baby monitor and door locks, have the latest software. Up-to-date devices and software make it that much harder for any cyber attackers to hack you and your systems.