#7 CASE STUDY - NO SECURE CONFIGURATION PROCESS


"Default settings are the attacker’s best friend." 

COMPANY 

  • Sector: Development 

  • Size: 10–49 employees 

  • Location: Brussels 

FACTS & FIGURES 

  • 30 out of 35 companies were affected 

  • Protection efforts: None 

  • Business impact: High 

STORY 

At a small development company in Brussels, each employee works on their own laptop. Some of these employees have admin rights, while others do not. Some machines have their firewalls enabled, others have them disabled. Some have antivirus software running, while others don’t. But all the laptops are beautifully configured, aren’t they? 

Well, maybe not. When we asked the employees who was responsible for configuring these laptops, they told us... well, let me quote them directly. 

The team isn’t careless, just busy. But without a uniform method for setting up systems, the company is exposed to a wide range of risks: a compromise can start from any one of its inconsistently configured endpoints, and nobody can say with confidence which settings any given laptop actually has. 

INCIDENT OVERVIEW 

Secure configuration management is the practice of building systems and applications in a hardened state by default and keeping them in that state over time. A freshly installed system usually ships with settings that favour usability over security (e.g., open ports, unnecessary services enabled, default credentials, the host firewall switched off). Without a secure configuration process, these usable but insecure defaults tend to stay exactly that: defaults. And even a well-built machine drifts when users with local admin rights change settings as they go. 

In this case, assets were not only manually configured without reference to any standard, but also in an insecure manner. Workstations had inconsistent settings; local admin rights were widespread; and weak access controls were, unfortunately, common. (Look in the mirror and say "common" three times.) 

BUSINESS IMPACT 

Skipping a secure setup process exposes organizations to multiple risks: 

  • Systems left on insecure defaults are far easier to compromise, and one compromised laptop is enough to reach the rest. 

  • Without a clear standard, devices behave inconsistently, which makes detection and response harder: analysts cannot tell a deliberate deviation from a sign of compromise. 

  • Compliance failures: the CIS Controls, NIST guidance (e.g., SP 800-53) and the EU NIS2 Directive all expect documented, consistently applied configuration baselines. 

  • Operational failures: ad hoc, undocumented configurations are hard to reproduce and troubleshoot, so configuration errors are far more likely to cause major disruptions.  

SECURITY MEASURES 

Below, you’ll find key recommendations to mitigate risks and enforce secure configurations: 

  • Establish a formal configuration management process: a documented baseline per system type, version control for the baseline, regular audits against it, and the ability to roll back a bad change. 

  • Join systems to Active Directory so that policies can be defined once and enforced centrally across all enterprise assets, instead of machine by machine. 

  • Use domain Group Policy Objects (GPOs), managed through the Group Policy Management Console, to apply security settings at scale (e.g., password policies, firewall rules, removal of local admin rights, software restrictions). The Local Group Policy Editor only configures the machine it runs on and does not scale beyond a handful of devices. 

  • Employ OpenSCAP or a similar benchmark scanner to define and audit compliance with CIS or NIST configuration benchmarks. OpenSCAP primarily targets Linux; for Windows endpoints use an equivalent benchmark scanner (e.g., CIS-CAT) or verify the applied GPO settings directly. 

  • Continuously monitor for drift from the approved configuration (scheduled audits, alerts on deviations) and correct it promptly, preferably by re-applying the baseline automatically rather than by hand. 
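As an illustration of the last two points, here is an added example (not code from Cresco or from the company in the case study) of a small drift check for a Windows workstation. It compares the machine's effective state with a baseline and exits non-zero when anything deviates, so it can run from a scheduled task or an RMM agent. Every baseline value below is an assumption chosen for illustration, as are the allow-listed administrator names; it assumes Windows 10/11 with Microsoft Defender, an English locale for the `net accounts` output, and an elevated session. Enforcement still belongs in GPO; this script only verifies that the enforced state actually reached the endpoint.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from Cresco or from the company in the case study.
# Audits a Windows 10/11 workstation against a small secure-configuration
# baseline and reports drift. All baseline values below are assumptions
# chosen for illustration; replace them with your approved standard.

$Baseline = @{
    FirewallProfiles    = @('Domain', 'Private', 'Public')    # all must be enabled
    LocalAdminAllowList = @('Administrator', 'Domain Admins') # assumed allow-list
    MinPasswordLength   = 14                                  # assumed floor
    RealTimeProtection  = $true                               # Defender RTP on
    GuestEnabled        = $false                              # Guest disabled
}

function New-Finding {
    param([string]$Check, [string]$Expected, [string]$Actual, [bool]$Compliant)
    [pscustomobject]@{
        Check    = $Check
        Expected = $Expected
        Actual   = $Actual
        Status   = if ($Compliant) { 'OK' } else { 'DRIFT' }
    }
}

function Get-ConfigurationDrift {
    $findings = @()

    # 1. Host firewall: every profile in the baseline must be enabled.
    $disabled = @(Get-NetFirewallProfile |
        Where-Object { $Baseline.FirewallProfiles -contains $_.Name -and "$($_.Enabled)" -ne 'True' } |
        Select-Object -ExpandProperty Name)
    $findings += New-Finding -Check 'Disabled firewall profiles' -Expected '(none)' `
        -Actual $(if ($disabled) { $disabled -join ', ' } else { '(none)' }) `
        -Compliant ($disabled.Count -eq 0)

    # 2. Local admin rights: any member outside the allow-list is drift.
    #    Members come back as DOMAIN\name or HOST\name; compare on the name part.
    $admins = @(Get-LocalGroupMember -Group 'Administrators' |
        ForEach-Object { $_.Name.Split('\')[-1] })
    $extra = @($admins | Where-Object { $Baseline.LocalAdminAllowList -notcontains $_ })
    $findings += New-Finding -Check 'Unexpected local administrators' -Expected '(none)' `
        -Actual $(if ($extra) { $extra -join ', ' } else { '(none)' }) `
        -Compliant ($extra.Count -eq 0)

    # 3. Minimum password length from the effective policy (`net accounts`).
    #    Assumes English output; on localized systems export with secedit instead.
    $line   = (net accounts | Select-String 'Minimum password length') | Select-Object -First 1
    $minLen = if ($line) { [int]($line.Line -replace '\D', '') } else { 0 }
    $findings += New-Finding -Check 'Minimum password length' -Expected ">= $($Baseline.MinPasswordLength)" `
        -Actual "$minLen" -Compliant ($minLen -ge $Baseline.MinPasswordLength)

    # 4. Real-time antivirus protection (Microsoft Defender).
    try   { $rtp = (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled }
    catch { $rtp = 'unavailable' }
    $findings += New-Finding -Check 'Real-time antivirus protection' -Expected "$($Baseline.RealTimeProtection)" `
        -Actual "$rtp" -Compliant ("$rtp" -eq "$($Baseline.RealTimeProtection)")

    # 5. Built-in Guest account must be disabled.
    $guest        = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    $guestEnabled = if ($guest) { [bool]$guest.Enabled } else { $false }
    $findings += New-Finding -Check 'Guest account enabled' -Expected "$($Baseline.GuestEnabled)" `
        -Actual "$guestEnabled" -Compliant ($guestEnabled -eq $Baseline.GuestEnabled)

    return $findings
}

$drift = Get-ConfigurationDrift
$drift | Format-Table -AutoSize
# A non-zero exit code lets a scheduled task or RMM agent alert on drift.
if ($drift.Status -contains 'DRIFT') { exit 1 }
```

Run it as `powershell.exe -ExecutionPolicy Bypass -File Test-Baseline.ps1` from a scheduled task and collect the exit code centrally. Each row of the output is one check with the expected value, the value found on the machine, and an OK/DRIFT status, which is exactly the evidence an auditor asks for and the signal a help desk needs to re-apply the baseline.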

RESOURCES 

Ready to strengthen your cybersecurity?

Contact us today to discuss how Cresco's services can help protect and secure your organisation.
