Last month we posted an article about how patching your computers is difficult and cumbersome, but also extremely important. It didn’t take long for the news to catch up with us. Today’s example of just how quickly things go bad when you aren’t keeping up with security patches comes to us from England, where at least 16 hospitals had to divert emergency patients due to a ransomware problem.
In this case, attackers exploited a Windows vulnerability for which Microsoft had issued a patch…two months ago.
We often talk to customers about these risks, and how “patch Tuesday” release notices are a sort of treasure map. Attackers know that they only need to target new vulnerabilities faster than you can close them. Today’s attack is a chilling reminder of these truths. It has happened to a large institution with a dedicated I.T. team, and very shortly after the vulnerability was disclosed.
Worse yet, for those still using Windows XP and Server 2003, there is no defense against these sorts of attacks. Microsoft gave up on issuing security updates for them long ago. If an attacker can compromise a Windows XP or Server 2003 system, they have a clear path to wreak havoc on every other computer on the network – even the new ones.
The cost of dealing with a ransomware or malware outbreak, in time, money, lost productivity, and things like morale and reputation, is many times higher than the cost of designing and maintaining I.T. systems to be protected from them. Using a trusted adviser like Nomerel brings those costs down even further. Which raises a point – if you know all this and you still aren’t patching, it’s probably not because you’re rich. It’s probably because you need help making it happen. In which case, we should be talking about how we can help simplify this part of your business life.