Waiting a month to patch that one Exchange server? That would be 70 million euros, please.
Eddy Willems, security evangelist at G DATA CyberDefense, is usually happy to give us half an hour of his time. Deciding what we are going to talk about this time in the world of security is another matter. Everything has been said, repeated and beaten to death, and yet we still see ransomware attack after ransomware attack in the news.
“The city of Antwerp? Don’t get me started. If they had patched in time, we would never have talked about it.” He sighs deeply, repeating what he has said so many times before. “Patch a device that is connected to the Internet not four weeks after the patch is released, but immediately. Wait a week at most to find a suitable time to install the patch, never longer.”
Patch, patch, patch
Willems assumes that a missing patch was responsible for the cyber attack on the city of Antwerp. He points to the Play hacking collective, which attacked the city and made other victims around the world with the same zero-day vulnerability in Microsoft Exchange.
“I can’t believe anyone on the IT team today, regardless of organization or company, would think patching was unnecessary. Okay, there’s always a little downtime involved, but not every application is equally critical, and there are always quieter moments during the day or at night.”
In his frustration, he points to the ransomware attack on Rackspace, a major US hosting provider. Customer data was stolen there at the end of last year and the e-mail traffic of 30,000 customers was disrupted. Responsible for the hack was the hacker collective Play, the same group that hit the city of Antwerp and numerous other government agencies and companies a few weeks later.
“One Exchange server at Rackspace was not yet equipped with the latest patch that closed the zero-day vulnerability. The hosting provider claimed that installing patches generally involves downtime and that it doesn’t want to burden its customers with that too often. Now customers couldn’t send e-mail for days, not to mention the reputational damage. It’s better, then, to patch more frequently in between.”
Patch an internet-connected device not four weeks after the patch is released, but within a week.
Eddy Willems, security evangelist at G DATA CyberDefense
He is pleased that Rackspace is very transparent in its communication. Thanks to them, word got out that the zero-day vulnerability was worse than expected and that Exchange servers needed to be patched at lightning speed. Unfortunately, the hacking collective Play has since hit other organizations in exactly the same way. “This collective of hackers is getting rich because some IT admins didn’t do their job properly.”
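The rule Willems states is an exposure-based patch deadline: anything reachable from the Internet gets the fix within a week of release, never longer. The script below is an added example (not code from the article, G DATA or Rackspace) that turns that rule into a check over an asset inventory and reports every host that breached its window, unpatched hosts and late-patched hosts alike. The host names and dates are constructed, and the 30-day window for internal-only hosts is an assumption for illustration; the article only gives the one-week rule for internet-facing devices.

```python
"""Patch-SLA breach report over a small asset inventory.

Added example, not the article's own material. The one-week rule for
internet-exposed hosts comes from the interview; the 30-day window for
internal hosts is an assumption chosen for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

EXPOSED_SLA = timedelta(days=7)    # interview: "wait a week at most, never longer"
INTERNAL_SLA = timedelta(days=30)  # assumption: internal-only hosts get a month


@dataclass
class Asset:
    name: str
    internet_exposed: bool
    patch_released: date          # vendor release date of the relevant fix
    patched_on: Optional[date]    # None means the fix is still not installed


def sla_for(asset: Asset) -> timedelta:
    """Deadline length depends only on whether the host faces the Internet."""
    return EXPOSED_SLA if asset.internet_exposed else INTERNAL_SLA


def days_overdue(asset: Asset, today: date) -> int:
    """Days past the SLA deadline.

    A host patched inside its window scores 0 even if checked months later.
    A host patched late scores how late it was; an unpatched host scores how
    far past the deadline we are today.
    """
    deadline = asset.patch_released + sla_for(asset)
    closed = asset.patched_on if asset.patched_on is not None else today
    return max(0, (closed - deadline).days)


def overdue_report(assets: List[Asset], today: date) -> List[Tuple[str, int]]:
    """(name, days overdue) for every SLA breach, worst offender first."""
    breaches = [(a.name, days_overdue(a, today)) for a in assets]
    breaches = [b for b in breaches if b[1] > 0]
    return sorted(breaches, key=lambda b: b[1], reverse=True)


# Constructed sample inventory: hypothetical hosts and dates, not real systems.
TODAY = date(2022, 12, 5)
RELEASE = date(2022, 11, 1)
SAMPLE_ASSETS = [
    Asset("mail-01", True, RELEASE, None),                 # OWA public, still unpatched
    Asset("web-01", True, RELEASE, date(2022, 11, 20)),    # exposed, patched 12 days late
    Asset("vpn-gw", True, RELEASE, date(2022, 11, 5)),     # exposed, patched on day 4
    Asset("file-srv", False, RELEASE, None),               # internal, 4 days past 30-day window
    Asset("print-srv", False, RELEASE, date(2022, 11, 25)),  # internal, patched in time
]

if __name__ == "__main__":
    for name, days in overdue_report(SAMPLE_ASSETS, TODAY):
        print(f"{name}: {days} day(s) past patch deadline")
```

Feeding the script an export from an asset inventory or vulnerability scanner in place of `SAMPLE_ASSETS` gives a daily list of hosts that would, in Willems’ terms, have made the Antwerp and Rackspace stories avoidable; the exposed/internal flag is the one field worth getting right, since it decides which deadline applies.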
IT, IT, IT
During the conversation, we notice that Willems has to hold himself back from pointing fingers at IT teams. He says most are good at their jobs, but there are always those who think they know everything. “The human factor remains the weakest link. This applies to everyone within the organization, including everyone on the IT team.”
“Just think how many people have admin rights to things they don’t need. How often is patching done? Has MFA already been implemented within the organization? Is everything configured correctly? Far too often today, an IT team is simply expected to keep things running smoothly.”
Willems points to a solution for many companies: managed service providers. They have tens or hundreds of clients whose security they manage, and they know it inside out because security is all they focus on. “Such a solution offers a lot of security, but you also need the financial leeway for it. Luckily, I can see that there is movement and that cybersecurity is getting a seat at the table.”
How many have admin rights to some things they don’t need? Too many.
Eddy Willems, security evangelist at G DATA CyberDefense
It seems only logical to us that there should be room at the table. According to researchers, the cyber attack could cost the city of Antwerp up to 70 million euros. More budget means more or better tools and more people focusing on cybersecurity.
Test, test, test
Rapid patching, MFA and regular employee training on cyber threats: Willems believes that any IT team that treats these three aspects as extremely important will achieve a lot. However, we should not forget a fourth element. “Test, test and test again. It’s all well and good to have the latest tools running, but are they configured correctly? First, let’s look at the configuration of all the tools. An independent expert might find some problems there.”
Additionally, security products are now more complex than ever, which increases the risk of misconfiguration. “Many organizations want to do it all themselves, but that always involves risks. Let yourself be guided to make sure everything goes well.”
If you want to go one step further, you can always have a pentest carried out. That is a brutal wake-up call for many organizations, but that is exactly what it is for. By discovering security flaws before a malicious hacker does, with the help of ethical hackers, the problems can be solved in time.
“No matter how you look at it, there’s always a human factor,” concludes Willems. “Either it’s the average employee who is not trained well enough and then makes a mistake, or it’s the IT administrator who is too lax. Then you can have the very best tools in-house, but people remain the weakest link.”