At this time of year for retail, during festive trading, many retailers will ‘freeze’ critical transaction and other supporting systems so as not to risk outages from patches and updates.
David Schreiber of Tenable Network Security writes: “The focus for IT teams is on uptime, performance, throughput and availability – optimising retail transactions. Patching and other security-related updates get pushed to the back burner.
“Major vendors like Oracle, IBM, Cisco, Microsoft, Red Hat, Google, Apple and Adobe together will announce hundreds of vulnerabilities in Q4 2014. And, if the last two years are any indication, there will be hundreds more in January. This implies that there are lots of merchants running their businesses on vulnerable systems.
“Security is a daily habit, not just an annual compliance validation. Changing security habits from naughty to nice requires time, effort, vigilance, investment in comprehensive security solutions, continuous monitoring, employee training, and attitude adjustments. It’s a major investment, but well worth the expense when compared to the cost of recovering from a major breach.”
Visit his full blog post.
