A Community College enlisted a penetration test of their systems connected to the internet for ease of access for students and faculty.
Any externally accessible systems would be secure with strong passwords and multi-factor authentication (MFA) to keep out any unauthorized access to any sensitive systems.
While password spraying reviled several accounts using weak passwords and no MFA. Using these compromised accounts allowed access into several sensitive systems, such as the ability to change student’s grades, access to budget info, and student loan accounts.
Give better training for users on developing a practice of keeping strong passwords. That will help users to see the importance of strong passwords. Also increasing the password complexity for user accounts and implement MFA on all teachers and facility, blocking unauthorized access to sensitive systems.
No matter how many security measurements are in place, users are always going to be the weakest link. There is an expression, “Amateur’s hack systems, Professional’s hack people.” Strong passwords are the foundation of a secure network.