
March 16, 2026
Ivanti vulnerability – what this says about your IT security
The recent incidents at the Personal Data Authority and the Judiciary make one thing clear. No organization is immune from software breaches. Even regulators with tight security are affected.
The cause is not just the vulnerability itself. The problem lies mainly in how organizations deal with it. Many companies still rely on patching as the solution, while attackers are often inside before the update is even installed.
For Dutch organizations, this is a serious risk. Think of GDPR (AVG) notification requirements, reputational damage and direct impact on business operations.
What goes wrong here with vulnerabilities in management software
This incident shows a pattern we see more often:
- Too much reliance on vendors
  Organizations wait for patches and take little action of their own.
- Patching as the end-all
  After an update, people feel safe, while an attack may have already occurred.
- Lack of monitoring
  Without insight into internal traffic, you can't see what happens after an intrusion.
- No "assume breach" approach
  Many organizations assume they are secure, rather than assuming they may already be compromised.
Management software such as Ivanti increases this risk. These tools have broad access to systems, so a single vulnerability immediately has a large impact.
What to do next
The NCSC’s message is clear. Assume a breach.
Specifically, this means:
- Reset passwords of accounts with high privileges
- Replace API keys and certificates
- Check logs for suspicious activity
- Monitor internal traffic actively
- Segment your network to limit damage
These are not one-time actions. They should be part of your standard approach.
Why this is especially important in the Netherlands
The Netherlands has strict rules around data breaches. You must report within 72 hours. Without proper logging, you often don’t even know what was leaked.
In addition, many organizations use the same enterprise tools. That increases the risk of large-scale incidents.
The conclusion is simple. Security must shift from reacting to continuously monitoring.
How ALTA-ICT addresses this
At ALTA-ICT, we look beyond patch management.
We provide:
- 24/7 monitoring of systems and behavior
- Rapid detection of abnormalities
- ISO27001 and ISO9001 based processes
- Practical implementation without disruption
This way, you not only reduce risk, you also get a handle on what is really happening in your environment.
Conclusion
This incident shows that the biggest vulnerability is not the software, but the approach around it.
If you only patch, you are too late.
If you monitor and assume a breach, you are prepared.
