- Professional patch management helps prevent attacks on email servers
- For 9 out of 10 companies, patch management is a central component of the IT security strategy
- eco presents results of the IT Security Survey 2021
Against the backdrop of the attacks against email servers that have recently been reported, eco – Association of the Internet Industry recommends that companies put their own emergency planning and patch management to the test. Markus Schaffrin, security expert and Head of Member Services at the eco Association, comments that “Short-term exploitable security vulnerabilities in software show again and again how important keeping up-to-date with patch management and emergency planning are for the company.” This is confirmed in the IT Security Study 2021, published today by Association of the Internet Industry,* in which IT security experts emphasize the high importance of both topics when it comes to strengthening IT security. According to the eco IT Security Study 2021, published in English today, 88 percent of the companies surveyed by eco describe patch management as a very important topic in their security strategy.
In many places, however, there is a lack of implementation. According to the eco IT Security Study, only around 69 percent of companies have defined internal processes to respond to emergencies. Another 19 per cent want to establish such an emergency plan in the short term. In addition, it is necessary to keep up to date with new threats. “Up-to-date information on the status of the systems and software in use forms the basis for informed decisions and effective patch and emergency management,” says Schaffrin. Specifically, he gives 5 tips that help to avoid security vulnerabilities in the future, for example in the mail servers:
- Inventory: Take stock of the software and systems in use: What is used where? Which systems are currently running and which have been decommissioned?
- Define responsibilities: Who is responsible for what?
- Assess risks and classify them accordingly: Which services are most important for my company, what impact do vulnerabilities have on my business?
- Proactively collect information on possible vulnerabilities, such as from the German Federal Office for Information Security (BSI) and Cert Bund
- Establish processes for regular and emergency patching and practice them with your staff
*eco – Association of the Internet Industry surveyed 175 security experts from September to December 2020 and published the results in the eco survey IT Security 2021