In the Information Age, personal information is at a premium. Companies use it as the basis of their business intelligence, giving them valuable insight into what they should produce, how they should market it, and much more. In many cases, we give our information away for free on social media or when using apps. Other times, it is stolen in cyber attacks and may be used in more nefarious ways, such as to steal our identities. This makes it critical that organizations use vulnerability management best practices to help protect their sensitive data.
Vulnerability management is the systematic practice of finding, assessing, and addressing vulnerabilities to your software, computers, and networks. It is a critical part of an organization’s cyber security. By regularly searching for potential weaknesses that attackers could exploit, you can strengthen your security before it is compromised. Vulnerability management also creates a process for prioritizing threats, so you can respond efficiently. As the technological landscape continues to evolve, so too should your organization’s cyber security and vulnerability management.
In Louisiana, there is presently a need for strong vulnerability management. Earlier this year, cyber attacks were launched against four school systems in the state. Within months, Louisiana government servers faced a similar attack. In both cases, Governor John Bel Edwards declared a cyber attack state of emergency in Louisiana. Government and non-government organizations alike would be wise to engage in vulnerability management best practices in Louisiana.
Entrust Solutions is a leading vulnerability management and technology solutions provider with locations in New Orleans and Norfolk. Learn more about the recent Louisiana cyber attack state of emergency and vulnerability management best practices today.
Louisiana School Cyber Attack Spree
In July, a series of cyber attacks against Louisiana schools was identified. At first, attacks were only discovered in Sabine Parish, Morehouse Parish, and City of Monroe school systems. The news broke on July 24, when Governor Edwards declared a Louisiana cyber attack state of emergency.
According to KSLA, the technology supervisor for Florien High School in Sabine Parish received a phone alert indicating remarkably high bandwidth usage on the morning of July 21. The virus affected the Sabine Parish School System’s central phone system, along with several other technology systems.
Computer networks went down at Morehouse Parish and City of Monroe school systems as well that same week, and some phone systems were also disrupted. The attacks, which appear to be connected, were ransomware attacks. Hackers encrypted various school documents and files. Governor Edwards described the attacks as “severe, intentional security breaches.”
All three school districts have indicated that, to their knowledge, no personal or sensitive information was compromised. However, Florien High School did lose all of the documents and information kept on the School District’s servers, including years’ worth of schedules and speeches. While this may not constitute sensitive information, it was certainly still valuable to the school and its staff.
Later, another security breach was found in a New Orleans public school, Morris Jeff Community School. WWL-TV reported that the hack occurred on July 31, and WVUE-DT indicated that the breach happened on August 1. School officials claimed that “a single user on a single device experienced a security breach which was quickly isolated,” and no private or sensitive information was lost.
The quick identification and coordinated response regarding these attacks demonstrate Louisiana vulnerability management best practices in action. Yet they also underline the urgent need for strong cyber security throughout our state and beyond it.
First Louisiana Cyber Attack State of Emergency
Governments and organizations throughout the U.S. have faced similar cyber security threats in recent years. Unfortunately, not all of them have been adequately prepared with vulnerability management best practices.
In June, just a month prior to the Louisiana school cyber attacks, a suburb in Florida was attacked with ransomware. Within the month, the Riviera Beach City Council unanimously voted to meet the hackers’ demands in the hope of retrieving their encrypted files. Not only did the city agree to pay $600,000 to the hackers, but also the council decided to spend nearly $1 million to purchase new computers and hardware following the attack.
By declaring a cyber attack state of emergency in Louisiana, local governments became eligible to receive state resources to help address the attacks and prevent future security issues. This was the first time Louisiana mobilized this emergency support for vulnerability management. According to ZDNet, it was only the second time that a U.S. state governor had called a state of emergency in response to a cyber attack.
In his statement, Governor Edwards claimed, “This is exactly why we established the Cyber Security Commission, focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat.” The commission helps to quickly gather and organize agencies to assist in responding to an attack.
In this case, Louisiana received help from the FBI as well as Louisiana State Police, the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), the Louisiana National Guard, and the Louisiana Office of Technology Services, among others.
The Louisiana cyber attack state of emergency was scheduled to be active until August 21, unless the response and recovery reached its conclusion prior to then.
Second Louisiana Cyber Attack State of Emergency
Around four months after the Louisiana school cyber attack spree, a similar attack was discovered against the Louisiana state government. According to WBRZ-TV, state officials announced that an outside entity gained access to the government computer network.
The ransomware attack, which targeted state servers, bears many similarities to the attacks against Louisiana schools. State officials claim they do not expect any information to have been lost or compromised, and no ransom was paid. However, the attack did result in the disruption of government technology and online services.
State servers were temporarily shut down on November 18—not by the hackers, but as a vulnerability management best practice implemented by the state. This precautionary measure affected a variety of state websites, emails, and other online applications and services.
Some services were back online within the day, while others took several days to bring back. WBRZ-TV reported that some state employees, unable to do their work during the outage, were allowed to leave work early for the day. Even when important data is not lost, such attacks have the capacity to bring business to a halt and result in lost productivity and revenue.
The shutdown affected the state driver’s license system and other DMV activities, the filing process for food stamps, the NCIC federal background check system, the Louisiana Department of Children and Family Services’ child abuse and neglect hotline, and email communication with a variety of government agencies.
On November 22, Governor Edwards declared the second cyber attack state of emergency in Louisiana. As a result, Louisiana State Police were able to join forces with different federal agencies and cyber security experts for the investigation. This includes assistance from the Governor’s Office of Homeland Security, the Louisiana National Guard, and the Louisiana Office of Technology Services, all of which contributed to the vulnerability management and response for the Louisiana school cyber attacks as well.
The second Louisiana cyber attack state of emergency also enabled certain government agencies affected by the outage to waive fines and fees for the public. While service was interrupted, citizens may have missed payment or filing deadlines. The Department of Transportation and Development, the Department of Revenue, and the Office of Motor Vehicles were all given the authority to waive these penalties.
Louisiana Vulnerability Management Best Practices
In Louisiana, vulnerability management best practices can help prepare government agencies and private businesses to prevent and respond to attacks. In the aftermath of the recent cyber attacks against Louisiana schools and the state government, local leaders have urged residents and organizations of all kinds to take cyber security precautions.
After the Louisiana school cyber attacks, the New Orleans Mayor’s office offered security advice over Facebook Live. The City of Kenner also released a statement to citizens about the attacks. Jared Brossett, a New Orleans City Council member, said, “We want to make sure that we’re taking every precaution that we can.”
As a tech company that specializes in vulnerability management and has a New Orleans location, Entrust Solutions is deeply invested in this issue. We want to help more organizations throughout our region and the U.S. to develop a technology roadmap, protect against cloud security challenges and risks, and reduce their cyber security risks.
Review these vulnerability management best practices for Louisiana and beyond to get started.
1. Consider each asset’s value and vulnerability.
The initial stages of vulnerability management involve identifying and prioritizing risks to your organization’s assets. Not only is it critical to consider assets across your entire enterprise—from cloud services to web apps, mobile and IoT devices, servers, and any other system that touches your network—but also to evaluate them on a variety of factors.
Ask these questions of each asset you discover:
- What is this asset’s value to our organization?
- What is the maximum value this asset could provide to a hacker?
- Is this asset connected to any other assets, especially more valuable assets?
- How much control would a hacker gain from accessing this asset?
- How many people in our organization have access to this asset?
- How vulnerable is this asset to an attack? How long has it been vulnerable?
- How difficult would it be for a malicious party to gain access to this asset? Could it be attacked automatically?
- Are there any known malware or threats that could be used to compromise this asset?
It is certainly important to prioritize the security of assets that could pose the greatest harm to your organization in the hands of a hacker. But this shouldn’t be the sole basis for evaluating your vulnerabilities.
Some assets may not hold much value themselves, but they could give hackers a foothold into your network. Once a hacker gains access, they could exploit additional systems until they are able to compromise a more significant asset. If an asset is easy to compromise through low-skill or automated efforts, or if it has remained vulnerable for a long period of time, then it requires your team’s attention.
2. Train and motivate all workers.
Your vulnerability management program is only as strong as your weakest link. It just takes one careless worker to compromise an asset’s security.
Make sure every new worker is trained on the proper security procedures and best practices for your organization. A few basic vulnerability management best practices include:
- Recognizing suspicious activity, such as emails asking for personal information, and responding accordingly.
- Regularly backing up files, so they cannot be held for ransom.
- Installing and maintaining antivirus software on all company computers to help block, identify, and remove malware.
- Establishing strong passwords and practices, such as longer passwords, unique passwords that are not shared, and multi-factor authentication.
As your organization, its technology, and the threats you face change over time, update your vulnerability management program and cyber security training for employees accordingly. Routinely re-educate employees and make sure they understand how important it is that everyone does their part. In addition, be sure to determine who is responsible for each asset, as well as timelines and deadlines for addressing vulnerabilities, to establish accountability.
3. Scan for vulnerabilities frequently.
Once you establish strong vulnerability management best practices at your organization, you need accurate and up-to-date information to make the most of them. According to the Center for Internet Security, you should “automatically scan all systems on the network on a weekly or more frequent basis to identify all potential vulnerabilities on the organization’s systems.”
By repeatedly checking for vulnerabilities, you are able to continually search for new threats. In addition, you can see if anything has changed with existing vulnerabilities that would increase their risk, which could require you to reassess their level of priority. Finally, as your organization addresses its vulnerabilities, frequent scans allow you to monitor and manage your remediation.
4. Establish appropriate goals and metrics.
In order to ensure your vulnerability management program is serving your organization, you need to establish appropriate goals to reach and metrics to follow.
Goals will depend on your company’s vulnerabilities, needs, and familiarity with vulnerability management. This year, for example, you might aim to reduce your organization’s risks by 20%, reach a certain average asset risk score, address all vulnerabilities of a certain risk score or higher, or shorten your average remediation cycle to a specific length of time. For best results, choose goals that are SMART: specific, measurable, attainable, relevant, and timed.
Choose relevant metrics to track along the way so you can measure progress toward your goals and adjust your strategy if needed. Depending on your goals, you might track your average risk score or the amount of time it takes your organization to identify, address, or resolve vulnerabilities. This data can also help your organization understand how to realistically prioritize and assign remediation, as well as continually improve your vulnerability management program.
In addition, it can be valuable to track the progress of your different departments and employees toward company-wide or individualized goals. This empowers everyone to understand their contributions to the organization’s vulnerability management. You can also encourage healthy competition between personnel and teams with rewards for top performance. This can help motivate progress and commitment toward vulnerability management throughout your organization.
Contact Us About Vulnerability Management Best Practices
Need help establishing vulnerability management best practices for your organization? In the wake of Louisiana’s cyber attack states of emergency, it is more important than ever to strengthen your cyber security and invest in a vulnerability management program.
Entrust Solutions can assist with your vulnerability management every step of the way. From customized technology solutions for scanning your vulnerabilities to remediation and everything in between, we work with you to develop a vulnerability management program that will address your unique circumstances and needs.
Call 504-308-1464 or contact us online today for a free consultation.