Patching is not something that the IT department really enjoys doing. It is complicated and ongoing. It takes forever and it doesn’t add any actual business value.
Meanwhile you have myriad systems to patch, and endless patches to test and then install. Then you have to do it all over again. And again. And again.
No wonder a recent study by the UK-based Federation of Small Business shows that little more than a third (36%) of small shops patch regularly. Then these shops wonder why they got compromised, or blame their software vendors, especially Microsoft® – a common security punching bag!
Patching, well, patching properly, solves the majority of security problems. In fact 90% of successful exploits are against unpatched systems.
Even environments that should presumably be highly secure too often fail to patch. Last year an audit at the U.S. Department of Energy found that some 60% of their desktops lacked important patches.