Thought leadership. threat analysis, news and alerts.
The Importance of Facing Up to Cybersecurity Risks
A cybersecurity emergency has been declared across Louisiana, USA, after three public school districts were struck by a malware attack.
The cybersecurity danger hit Sabine, Morehouse and Ouachita, in North Louisiana, causing widespread concern. The Governor’s Office of Homeland Security and Emergency Preparedness put its crisis action team into motion quickly to handle the attack.
Sabine School District issued a statement, addressing the nature of the cybersecurity breach and their actions to fix it:
“The Sabine Parish School System was hit with an electronic virus [...[ this virus has disabled some of our technology systems and our central office phone system.”
According to the principal of Sabine Parish’s Florien High School, a ransomware virus had infiltrated their system and caused disruptions. The alarm was raised when the school’s technology supervisor noticed ‘unusually high bandwidth usage’.
Fortunately, Jones believes no sensitive information has been exposed during the attack, though everything stored on the School District’s servers was lost. This amounts to documents from across 17 years of Jones’s hard work, including schedules, speeches and more.
Taking Action, Addressing Issues Fast
While this is certainly a challenging situation for the three school districts, it appears the end result is nowhere near as terrible as it could have been. It’s clear everyone involved took decisive action when the suspicious activity was noticed, and the proper authorities were informed.
Plans for future protection and security measures are, apparently, being devised by state officials (in coordination with the FBI). But this case indicates just how important it is to face up to cybersecurity risks and take proper action to minimize the threat to systems.
Simply hoping hackers will miss or choose to ignore your business, organization, school etc. is simply not enough. Implementing effective defenses is the best way to safeguard your critical data, client information and financial details.
If any of these, and other types of vital data, become exposed by nefarious individuals, the clean-up could be a long, time-consuming, difficult process. The worst thing you can do in the event of a breach is sweep it under the carpet and try to contain any damage without raising the alarm.
Those involved in the Louisiana case alerted the proper parties and are dealing with the situation as best they can.
Yes, acknowledging that a cybersecurity attack took place does have the potential to affect your reputation and the trust people place in you. Yet it’s far better to be transparent and admit your cybersecurity measures may not have been quite as efficient as they should be than to lie.
The Problem of Ransomware and Preparing Your Team
Ransomware is, as our regular readers may know, a common choice of cyberattack for hackers. The Louisiana case is just one example of many.
The first ransomware was distributed by a biologist (Dr. Joseph Popp) in 1991: he sent floppy disks containing PC Cyborg Trojanto researchers, in an attempt to extort money.
Ransomware has come a long way since then, but while it has evolved in various ways, the aim remains the same.
Other notorious ransomware attacks include WannaCry, which was detected more than 250,000 times across 116 countries in 2017. This was designed to take advantage of a simple software defect, encrypting hard drive files to make them inaccessible — with the attackers only unlocking them after a bitcoin payment had been made.
The issue is, of course, that agreeing to pay a ransom doesn’t actually guarantee the people responsible will stick to their end of the deal. After all, why should they? If they’re willing to disrupt your daily processes, cost you money, damage your reputation and more, there’s no reason to believe they will do as they promise.
Prevention is, as the saying goes, better than cure. And that means taking steps to prepare your team for potential cybersecurity threats in their day-to-day work.
How can you do this?
Taking Steps to Protect Your System
Implementing security measures and processes to protect your system against breaches can be daunting, especially if you have no experience or real knowledge of this area.
It’s essential that you embrace the most cutting-edge cybersecurity software available and consult with experts. Professionals specializing in security measures and reinforcing systems will be able to identify the biggest dangers you face, how to defend against them and advise your team to be more vigilant.
In terms of training your staff, there are certain things you can try.
Raise cybersecurity issues and trends in regular meetings
Keep your employees updated on the latest cybersecurity hazards and techniques: make sure they understand what suspicious activities they should be aware of when responding to emails, downloading software or visiting websites.
Try to cultivate a more vigilant workforce and boost recognition of effective ‘safety first’ procedures. Get them into the habit of questioning links, emails and other potentially-infected elements when they’re not sure how safe they are.
Find time in a day to run a test exercise for your team. Act as if a cybersecurity attack has struck your system and have staff go through the motions of responding appropriately.
Do they know what to do if they spot the warning signs of an impending threat? Can they work as a cohesive team even when they’re not completely sure what’s happening? Work to make the answer to both a firm ‘yes’.
Everyone should know what role they have in the event of a cybersecurity breach. Perhaps they’re required to do nothing but sit tight and wait for business to resume as normal. Maybe they have to take an active part in informing clients of the situation or coordinating with security experts.
Having a formal plan means everyone involved can leap into action in the event of a crisis, saving valuable time and minimizing further disruption.
Knowing how to handle cybersecurity risks and attacks is fundamental for any business, organization or institution today. If you want to know more about protecting your system and taking effective action,contact our specialistsnow!
Steve E. Driz, I.S.P., ITCP