Patch and Pray

What Does Patch and Pray Mean?

Patch and pray is an approach to cybersecurity that has to do with responding to existing threats and hoping that the results will deter future attacks. It is a common strategy of businesses that do not have the resources to be more proactive about their security.


Techopedia Explains Patch and Pray

Essentially, many companies and other parties do not have the resources or the ability to develop foolproof cybersecurity plans. As a result, many aspects of their plans are based on reaction: when a data breach or other type of malicious attack happens, the company addresses it, does damage control and puts solutions in place to stop it from happening again.

The problem with this approach is that cyberattacks evolve and so should cybersecurity. Security experts are recommending proactive cyberintelligence gathering that helps companies to predict cyberthreats and guard against them, instead of waiting for them to happen. For example, the security community often identifies existing viruses, malware applications or cyberattacks, and distributes solutions to inoculate systems against them, much the same way that medical professionals distribute vaccines for illnesses. This is a type of “patch and pray” reaction.

Along with these kinds of strategies, government and private business leaders are now recommending the use of more comprehensive security systems, many of which involve encryption, data shielding, data masking or other methods that will render a number of cyberattacks less effective. One example is the use of comprehensive cloud encryption gateways to encrypt all data emerging out of an internal corporate network. This type of brokered security means that many different kinds of hacking attempts between the internal network and the cloud do not jeopardize corporate data, even if they are successful in hijacking data traffic.

Developing a protective cybersecurity regimen takes time and requires a lot of resources. However, the cybersecurity community is leaning toward this type of model, in order to safeguard valuable data against hackers and unauthorized cyberattackers.


Related Terms

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…