Until recently, there were always two conflicting opinions among the people who maintain computers. There was the desire to install upgrades as soon as they are available and those who felt the need to wait until the issues with the upgrades are worked out before upgrading.
In the past many companies and individuals lagged a year or more behind the latest updates. This allowed them to test that all the updates would work with their software and since they were using older updates many of the issues created by the updates would have been fixed.
Nowadays we are seeing exploits of security fixes within a few days of the patch being released. It is becoming crucial to quickly apply the latest security fixes. Attackers find out about a vulnerability and can quickly start to scan the Internet for vulnerable machines. Many times within a day or two of a vulnerability being announced you start seeing attempts to exploit it in the logs of your server.
This means it is no longer possible to set and forget a device attached to the Internet. You have to constantly monitor if there are security patches available and apply the patches. You have to upgrade to the latests supported software and stop using software that is no longer supported.
These constant upgrades will cause downtime, but reduce your risk to known and patched exploits. Occasionally a security update will cause issues and a decision will have to be made as to whether the risk is acceptable to run without that security update.
Another option is to try to harden the exterior of your network. If no one can get into your network, they cannot exploit your unpatched machines. This is generally not a good idea since exploits can come in the form of shared files, emails, web pages, etc. If you let machines on your network connect to the Internet you need to have all your machines and devices patched.
This constant updating will mean occasional downtime and lots of problem solving. Software will have to be regularly upgraded or retired. Business processes will have to be changed to accommodate these software changes. This means there will be even more call for technologists that can problem solve and think outside the box.
