The May 12, 2017, WannaCry ransomware attack was a reminder of how precarious internet security is today--and how vital it is to keep operating systems and applications updated so that the latest security protections are in effect on all enterprise workstations.

Within this scenario, Windows machines are most vulnerable to attack because they comprise the majority of enterprise computer workstations and are the fattest target.

"I estimate that enterprises are running worldwide around one quarter of a billion Windows-based machines," said Sumir Karayi, CEO of 1E, which provides system lifecycle automation solutions.

Eager to stave off the WannaCry catastrophe, tech companies quickly began to update enterprise AV/AS (antivirus, anti-spyware) signatures; to protect endpoints like desktops, laptops, and tablets with a cloud backup that includes anomaly detection; to protect mission-critical servers with disaster-recovery-as-a-service (DRaaS); to notify users to install Microsoft's critical updates; and to refer to a survival guide.

A major network or internet interruption is not a new phenomenon, and most enterprises have already identified it as a major threat in their risk management and contingency planning. So why is IT so slow in keeping these Windows-based machines up to date against security vulnerabilities?

"Many enterprises have thousands of these endpoint machines running, and they are widely distributed," Karayi said. "If they are running Windows 7 and not Windows 10, as many of them are, the process to update them might take two to three hours of an engineer's time if IT has to manually update each individual machine."

Further complicating the situation is the fact that not all of these machines, which were purchased at different points in time, share the same BIOS, a set of firmware-based computer instructions that malware often exploits.

"This problem exists because not all BIOS versions resident on these machines support all 17 new security features of Windows 10 that protect against malware," Karayi said.

In a nutshell, then, here's the quandary: IT can't update all of these machines manually because it doesn't have the personnel to do so, and end users lack the know-how and can't commit the hours to this update process, either.

A potential solution

Karayi says that a new approach could help ensure that the latest versions of OSes and applications are installed on user devices: end users take on the update job themselves by visiting a cloud-based portal whose wizards can step even non-IT users through an operating system or application update. This could dramatically reduce the threat of outside malware attacks that frequently exploit older versions of hardware and software. The cloud-based update process assists by automatically telling users which operating systems and/or applications on their computers are out of date and require updates. It can also show a user an application that hasn't been used for several years and that could potentially be uninstalled to reduce the likelihood of a future security breach.

"Users can even do a full 'wipe and load' migration that wipes the disk of their computer clean, reformats it, and installs a new operating system version (e.g., a migration from Windows 7 to Windows 10)," Karayi said. "The cloud-based software backs up your core data, so you can reinstall it after the new operating system is installed."

Karayi believes that end users can self-administer these system upgrades by using cloud-based tools through a wizard-based portal because they are already used to performing such upgrades on their personal smartphones. With this approach, the cloud would push the user an update request saying that a specific operating system or application warrants the download of a new version. A slightly different approach is to centralize update operations in IT, with the network pushing out automatic updates for apps and operating systems to users' computers whenever those users join the network.

In either case, there is certainly a better chance that users' desktops, laptops, tablets, and smartphones will remain updated with the most current security--reducing the likelihood of a malware attack.

"We don't know what the future holds, but what we do know is that at some point your company is likely to experience a security breach," Karayi said. "At that point, you are going to need a rapid response to that breach to lessen its effects. With most IT systems today this response can take one to three days to complete. Meanwhile, the hacker can continue to get into the network. For reasons like these, companies need automated tools that can help IT and end users stay current with their operating systems and apps."