The recent ransomware attack at Los Angeles Unified School District is a good reminder that local government entities must stay vigilant when it comes to cybersecurity.
As reported by the Los Angeles Times: “The extent of the breach is far-reaching and still being assessed and the hackers had likely been probing the school system for weeks, (LAUSD Superintendent Alberto Carvalho) said. They probably targeted the four-day Labor Day weekend for their attack, he said, as a time when there’s less watchfulness over operations.”
In fact, local government entities are under constant threat. Los Angeles Mayor Eric Garcetti told CBS News the city faces approximately one billion threats a month.
"We monitor about a billion, that's with a B, billion events and attacks a month on our own networks in the city," Garcetti said.
It’s costly to have adequate cybersecurity. And a recent study showed that 73 percent of businesses are inadequately prepared.
In LAUSD’s case, an audit two years prior to the attack found that the district’s cybersecurity systems needed bolstering. LAist reported that auditors convinced district staff to “hand over their passwords, tricked those employees into ‘execut[ing] malicious codes,’ and gained access to a ‘limited number of Social Security numbers’ stored on school district systems.
Sounds bad, sure. But LAist also spoke to several cybersecurity experts who said the LAUSD deficiencies were actually quite common and that the audit’s findings suggested the district “was taking online threats relatively seriously.”
Under the advice of the FBI, LAUSD is not disclosing how the breach occurred. But according to Avenu Insights & Analytics, a firm that specializes in cybersecurity for government agencies, “roughly 70% of Ransomware occurs via Phishing; meaning that one person on your staff can innocently click on the wrong link or attachment in an email or text and put an entire organization at risk.”
This means that educating your workforce is one of the most effective ways to prevent cyberattacks.
“Organizations must educate their workforce so that employees can recognize threats and take appropriate action to protect the organization,” writes Avenu Insights & Analytics.
But of course state-of-the art technology is essential as well. Once LAUSD’s technology department realized there was a breach, it was able to respond to the threat and prevent a much worse situation.
“District staff recognized the breach quickly and took fast action that may have averted an operational disaster,” the Los Angeles Times reports.
In fact, having the technology and staff to respond is one of the most important cybersecurity measures an organization can have. As Avenu Insights & Analytics writes:
“Once alerted that you are under attack or that you have been compromised, you must have the capability to stop it. Using tools and security systems that include automated responses can accomplish this. The use of AI, and the use of machine learning to stop the attack is critical due to the complexity of the attack and the speed at which damage can occur. Without this capability, you are leaving the action to stop the attack to your staff who will follow policy and procedure. The inherent delay in this type of response allows significant damage to occur to your environment. Time is not on your side during an attack.”
Adequate backing up is essential too. As Avenu Insights & Analytics writes: “Losing citizen transactions can be catastrophic so the more frequent the environment is backed up means that if there is an event you will lose less data.” Meanwhile, the length of time the system can be down must also be considered.
And all of this requires adequate planning. Are workforces well trained on appropriate cybersecurity measures? Has the organization set sufficient goals regarding backing up and implemented plans accordingly?
And is the organization prepared to adapt to worst-case-scenarios in the event of a successful cyber attack? As Avenu Insights & Analytics writes:
“As an organization, we rely on our partners, suppliers, and vendors to help us deliver goods and services. It is critical that they understand our needs should we be attacked, and that we have a plan of action in place with each of them. In one case study, we needed 500 disk drives to replace those that had been destroyed during a Ransomware attack. Our partner at the time could not deliver that quantity. That left us in a very difficult situation, and we had to scramble to find those disk drives. I recommend that you have agreements in place with your partners so that you have the capability to quickly recover.”
With local governments being increasingly targeted for cyber attacks, with cybercriminals becoming increasingly sophisticated in their attacks and with workforces increasingly working remotely, opening up new opportunities of attack, it’s imperative that cybersecurity be made a priority.
Funding cybersecurity, no matter how expensive, is likely less costly than the consequences of a successful attack.