This global ransomware attack is yet another example of organisations failing to cover the basics, in this case, patching VMvare’s ESXi software after the company became aware of the issue and released an update in 2021. It seems to be a repeating pattern, revealing that cybersecurity operations are complex and challenging. Many organisations have an extensive portfolio of advanced cybersecurity tools that aren’t designed to detect mistakes like missing patches. And, sometimes it’s not as simple as deploying patches as that can lead to the potential for issues interoperating with other systems. If that is the case, thorough testing must be carried out and any issues flagged with vendors for remediation. In the interim, other counter-measures should be deployed in front of the known vulnerability to protect the infrastructure.
Organisations must start simplifying their operations to ensure that basic cyber hygiene activities don’t fall between two stools. They can start by consolidating their cybersecurity tech stack, enabling them to identify broken processes and streamline operations. It’s a necessary step to gain complete insight and protect appropriately.