In the ever-evolving landscape of cybersecurity, the persistence of vulnerable systems poses a significant threat to organizations worldwide. Despite the availability of patches, many organizations, including local governments, continue to expose themselves to cyberattacks. This talk presents a collaboration between TU Delft and the IBD, the CSIRT for Dutch municipalities, to shed light on the critical issue of unpatched systems across 322 Dutch municipalities.
Drawing from a unique fusion of vulnerability scanning, notification studies, and user behavior analysis, our research unveils a stark reality: vulnerable systems persist unabated, even when patches are readily available. By engaging with security professionals from 54 municipalities, we validate the accuracy of our scan data and delve deeper into the root causes behind non-patching behavior.
Our findings not only confirm the existence of unpatched hosts but also reveal a profound misalignment between system attribution and practitioner perception. This misalignment underscores the complexity of the remediation process, challenging the traditional assumptions of cybersecurity frameworks.
Through in-depth interviews, we identify four distinct explanations for non-patching: unawareness, inability, retirement, and shutdown.
These insights highlight the intricate interplay between technical vulnerabilities and institutional frameworks, exposing the gaps in current mitigation strategies.
As we navigate this landscape of vulnerabilities and remediation challenges, it becomes evident that a paradigm shift is needed. This keynote concludes with reflections on how we can better address the underlying issues and foster a more resilient cybersecurity ecosystem for local governments and beyond. Join us as we explore actionable strategies to bridge the gap between vulnerabilities and remediation, safeguarding our digital infrastructure against emerging threats.