Bill Fitzgerald (@FunnyMonkey) has written a post that I wish all school districts would read, process, and follow up on. The following is just a snippet from his post:
We should assume that the KnowBe4 impersonation and the xz incident are not isolated or unique, and that there are other similar attacks underway that are having varying degrees of success, or are currently in the process of working. We should also assume that the people attempting to compromise systems are professionals, have both skill and time, have done research to identify both useful and accessible targets, and are working multiple angles in parallel.
Bill advises schools and districts to question vendors, starting with:
- How do they audit — and how often do they audit — third-party code and dependencies in their software? This includes any and all libraries, SDKs, analytics tools, etc.
- How do they monitor and protect against insider threat?
- How do they test and verify updates? What is their rollback process if and when a bad update gets released?
- How do they document and share successes and failures with these processes in a safe and transparent way?
Read more at FunnyMonkey.