DEV Community

Cover image for The Cost of Delayed Patching in the AI Age
Aashi Agarwal
Aashi Agarwal

Posted on

The Cost of Delayed Patching in the AI Age

There have always been risks associated with delayed patching, but what we’re seeing in the AI age is an increase in costs that exceed the expectations of many enterprises. This is because attackers have the potential to uncover vulnerabilities, distribute knowledge about them, and weaponize them faster than before due to the ability of AI to help them research, exploit and target.
The previous thinking was that there would be enough time available. There would be enough time between when patches were issued and when they were applied. In the current context, there could be enough time for attackers to find vulnerable systems and deploy automated attacks. And in the context of AI, attackers can search vulnerabilities, filter out targets and create variations on exploits.

Why Patching Latency Has Become More Critical?
Perhaps the most critical concern when patches are delayed is that of exposure. Once a vulnerability becomes known, attackers frequently begin their searches for any machines that remain unpatched almost immediately, and the use of AI technologies can facilitate this process further, cutting down both time and labor involved in finding potential targets. What used to be a challenge requiring human intervention can now be incorporated into a more extensive attack scenario.
The reason why this is critical is that even in the modern world, many companies still rely on elaborate approval processes, maintenance windows, and disorganized inventory of the available assets. This means that it takes more time to comprehend the situation, giving attackers a chance to act on their discoveries.

Real Business Expense
The expense of not installing patches isn't limited to technical aspects. It comes in the form of downtime, incident resolution, potential lawsuits, damage to reputation, and recovery costs. An attack that results from an unpatched system could result in customer notification, regulatory review, and reputational damage. In cases where the system is critical to the business, operational disruption that has an impact on business operations and revenue could also be part of the expense.
AI exacerbates this problem through increased exploitation velocity. Attackers can use the technology to rapidly test defenses and adapt their tactics. The delay in applying patches will thus become a business expense as well.

What Organizations Should Do
An organization requires a patching approach that keeps up with the pace of contemporary cyber attacks. This involves having an accurate asset inventory, prioritizing the list, and conducting quick assessments of internet-exposed systems and valuable systems.
Organizations should implement risk-based patching as well. Not all patches have the same level of urgency, but those vulnerabilities that can be exploited should be addressed quickly. Those in charge of security in organizations need to view patching as operational readiness rather than mere maintenance.

Lessons Learned
In the world of AI, delayed patching is costly because hackers have become more efficient than ever before. Organizations that can patch efficiently, prioritize well, and remove friction from the process will definitely gain an edge over modern hackers.

Find more resources on cybersecurity, threat intelligence, digital risk, privacy compliance, and consent management through IntelligenceX CyberSecurity and ConsentX. IntelligenceX helps organizations identify and understand emerging cyber threats through focused digital intelligence analysis and investigations, while ConsentX empowers businesses to achieve global privacy compliance with comprehensive consent management, cookie compliance, and data privacy solutions.

Top comments (0)