Tech Tidbit – Are You Caught in Groundhog’s Day?

March 13th, 2024
Tech Tidbit – Are You Caught in Groundhog’s Day?

'Those who cannot remember the past are condemned to repeat it'

-George Santayana From his work; Life of Reason, Reason in Common Sense 1905

You have so many tasks you "must do" to keep your district safe. Keeping up is hard.

Most district technology departments are overworked and understaffed. That is why K-12 school districts are such a popular target for attackers. They are counting on you to have gaps that they can exploit.

The industry press is reporting that attackers are exploiting weaknesses in the network that had patches long ago. Worse the patches were often deployed properly and completely at the time they came out. The crisis was checked off the list and people went on to their next crisis.

However, over time, engineers forgot about the patched version and started reaching for the unpatched version - recreating the vulnerability.

A recent article stated that 45% of critical vulnerabilities remained unpatched in 2023 and that Log4J attacks were still a very popular exploit! It stated that older, unsupported OSes were 70% more vulnerable. It said that education was over four times more likely to have unpatched vulnerabilities than other industries and that attacks on education rose 10% Third-party devices that were unpatched also remained a huge problem as well. Source

CSI's CyberCNS Vulnerability Advisory Service has allowed me to see this phenomenon firsthand. For the first time, we can easily visualize many of the vulnerabilities in our networks and prioritize which ones are the biggest threats. We also have accountability as to whether or not the vulnerabilities are being promptly addressed.

And if a golden oldie, vulnerability pops back on the console because someone reached for the wrong installer or forgot to patch after installation, it pops back on the console so it can be properly remediated again.

If you are flying blind on vulnerabilities because you don't know what you don't know, we can help. Give us a call.

The bad guys know this and are exploiting it.

-Scott Quimby, CISSP