In September, another major hack was revealed, this time hitting Equifax, one of the world’s leading consumer credit reporting agencies. The cause was attributed to a missed patch. These large-scale cyber hacks are a strong reminder of how important a robust and consistent patching program is for securing not just your IT networks, but your process control networks as well.
This attack is not unique: the WannaCry attack in May was aimed at systems that had not applied a recently released patch. This summer, a US-based nuclear facility had its OT network breached through its IT network, again because the attacker was able to take advantage of unpatched systems. Many attacks were launched years ago and are lurking within ICS networks, looking for vulnerabilities to exploit. Unpatched equipment is precisely what they are looking for.
When considering what steps to take in your own security program, keep in mind that every best practice recommendation includes patching as one of the most important aspects of a good security program. The US Department of Homeland Security lists patching as the second most effective tool against cyber attacks. The key to success is not only having a plan for patching, but also making sure that patching is carried out consistently and uniformly.
Baker Hughes, a GE company, offers a robust patch management service, the Cyber Asset Protection (CAP) subscription, which provides validated and tested patches and signatures as well as scripted installation, to make sure your systems are up to date and protected and to keep you in compliance with regulations or internal company standards. What sets CAP apart and provides additional value for you is the validation and testing process we put each patch through to make sure it won’t disrupt your operations. Learn more here.
Just starting your cyber security journey? Read our newest whitepaper to help guide you on how to set up an effective cyber security program.