Patch Panic: Why Rushing to Patch Could Be a Flawed Fix!
Patch Tuesday may feel like a digital feeding frenzy, but rushing to implement every fix won’t necessarily bolster your security. Craig Lawson of Gartner argues that patches break things and that only a small percentage of vulnerabilities are exploited. Instead, he suggests a “cohabitation metric” to manage unpatched systems safely.

Hot Take:
When it comes to patching, slow and steady wins the race… or at least keeps you from pulling your hair out. According to Craig Lawson, the only thing patching in a hurry guarantees is a broken system and a headache that not even an aspirin can fix. So, unless you’re into high-stakes gambling with your IT infrastructure, maybe it’s time to stop chasing the patch dragon and start strategizing smarter.
Key Points:
- Craig Lawson of Gartner argues that out-patching cyber threats at scale is futile.
- Most organizations struggle with “threat debt” and believe faster patching will help.
- Many patches are complex and risky, often breaking systems rather than fixing them.
- Attackers exploit a small percentage of vulnerabilities, typically not the critical ones.
- Organizations should focus on a “cohabitation metric” to manage unpatched systems.