Why "Don't Fix It if It Isn't Broken" Doesn't Work with IT Security

Blog

Thought Leadership

Why "Don't Fix It if It Isn't Broken" Doesn't Work with IT Security

Kristy McDaniel Baia

woman working at computer

“Don’t fix it if it isn’t broken.” We’ve all at least heard, if not used the phrase. But while this might aptly apply to costly and unnecessary home renovations, it doesn’t really work with IT security. The simple reason being if you don’t preemptively fix it, it will become broken. Specifically, we are talking about software patches and the inevitable end of life for your operating system.

Those software updates you keep clicking “later” on? They often deliver a payload of security patches or remedies to bugs. The longer you go without updating your system, the more gateways you’re giving hackers to infiltrate your device and steal your information. In 2014, 44 percent of data breaches were due to unpatched code that was two to four years old according to HP's Cyber Risk Report.

And data breaches are just restricted to businesses anymore.  With the Tesla "hack" earlier this year, the two “hackers” (ahem, researchers) discovered that the car had the potential to be hacked remotely because the car’s infotainment system was using a geriatric Web browser that contained a security vulnerability. That brings us to our next point: don’t use out-of-date/unsupported software. Once a solution has been doomed for its “end of life,” the makers of that solution will stop creating software updates that include security patches very shortly. While you may not be able to control which Web browser your smart car uses, you can control the ones you use at work or at home.

Ultimately, out of date IT security can lead to a malware infection, including Keylogger, ransomware, and other nasty viruses. It is much easier to prevent malware than to undo its damage, particularly with the case of ransomware where your only option to get your files back is to pay the hacker (this money also is frequently used to directly support terrorist activities). So the next time the maker of your browser or operating system sends you an update or end of life notification, don’t click “later.” Go ahead and update your system, or in the case of a solution that is going to reach its end of life, start researching alternatives.