Why are security updates so important?

Planet Drupal

It is not only your Smartphone or its apps that constantly want to do security updates. Every professional software has continual updates and improvements going on (Windows, MacOS, all Social Media services and much more). Drupal is also continuously being updated. And most importantly, many updates come with security updates as well.

For example, a patch for a critical security update for Drupal will be released tonight (2019-02-20): https://www.drupal.org/psa-2019-02-19 

Due to time and cost reasons it is very common that these updates are postponed or not done at all, which is the perfect situation for hackers to gain access to your website and all your data. Without the correct security updates your website is at risk for data and identity theft.

1. Updates protect against security gaps

Security gaps and software vulnerabilities are loved by hackers.

A software vulnerability is a security flaw or a security weakness of a software program or an operating system.

Hackers can use these vulnerabilities to infect your software with code they have written specifically for these vulnerabilities.

If your software is infected, the hacker can steal your data and/or take control of your software. The hacker could for example spread unwanted content throughout your website.

Security updates close these known security holes and keep the hackers out.

2. Security updates protect your data

Data security is an important topic and has been brought to the public eye again with the new GDPR from 2018.

Each website has some personal information, for example a contact form filled out by your visitors. And if you have a online store or an application portal you will have a lot more data and much more sensitive data.

This data is then stored on your website and can have a high value for hackers.

Sensitive data may then be used by the hacker to commit crimes on your behalf (or on behalf of your website visitor) or just to sell the data for someone else to use.

3. Functional failures and high costs due to missing security updates

Both the Drupal software and the modules used on your website constantly continue to evolve to provide enhanced functionality and more stability.

With an outdated security update such enhancements can result in downtime on your website and high repair costs if something breaks.

Security updates with Drupal

Drupal distinguishes between security updates for the core and for its modules. Both are always published on drupal.org.

In addition, every security update is classified in a vulnerability level.

The core is the basic software. The modules (e.g., slider) are used in addition on every website and the modules also constantly get new security updates.

Our recommendation

Security updates should always be carried out promptly.

If you do not have a partner who can update your Drupal web page quickly and cost effectively, feel free to contact us and we will gladly assist you with that.