Cyber Attacks Cause Statewide Emergency in Louisiana: Ivanti CISO Phil Richards Responds
As the state of Louisiana grapples with the fallout from a coordinated cyber attack against three school districts, we're given an opportunity to review practices to prepare for, prevent, and mitigate this type of cyber attack.
Louisiana Governor John Edwards said: “The state was made aware of a malware attack on a few north Louisiana school systems and we have been coordinating a response ever since.”
The cyber attacks targeted schools in Morehouse, Ouachita, and Sabine parishes. Details of the type of attacks have not been made public.
Governor Edwards declared a statewide emergency in order to access additional staff and resources from the Louisiana National Guard, Louisiana State Police, and the State’s Office of Technology Services. This is the first time in Louisiana’s history that a cyber attack is being treated like a natural disaster.
For state governments, IT infrastructure has become so important that the National Governor’s Association now advises states to develop response plans that place cyber attacks on the same level of urgency as natural disasters or acts of terrorism.
So, let’s take a look at how to identify, prepare for, and respond to cyber attacks.
What can we do to prepare for and prevent cyber attacks?
For most organizations, patching should be the first line of defense against cyber attacks. Ensuring that operating systems and third-party applications are up to date will limit or even prevent cyber attacks. Special effort should be made to ensure that all critical patches and updates for applications such as Adobe Flash, Java, Web browsers, and Microsoft applications are kept current.
Patches should be prioritized based on criticality and policy and applied so that they don’t disrupt users or operations.
Many organizations fear that comprehensive, timely, and consistent patching is too complex, or that it may break critical systems. However, using the latest patch management tools to scan for missing patches and deploy them to workstations or servers is a straightforward task in even the most complicated environments.
2. User Education on Phishing/Spam Emails
Most ransomware is spread using phishing or spam emails. As an example, users in the US House of Representatives fell victim to a ransomware campaign reportedly designed to trick users into opening an attachment sent to their Yahoo Mail accounts.
Training users to be savvy email consumers and careful web clickers is an important part of combating cyber crime. Criminals use many professional marketing and social engineering tools to improve their abilities, to trick users into opening fraudulent emails, and to increase their chances of success. It is likely that even the most educated user will be tricked. Education isn’t enough. Users need to receive periodic drills of phishing email campaigns that provide immediate feedback when they click on a link. When users see themselves getting “caught” is when they begin to change their behavior.
3. Privilege Management
Minimizing privileges is an important tactic to mitigate the damage caused by many types of malware, including ransomware. For example, the Petya ransomware requires administrator privileges to run, and will do nothing if the user does not grant those privileges. Removing administrator rights is easy, but balancing privileged access, user productivity, and enterprise security is not.
Effective access control protects organizations against malware and ransomware. Access control that focuses primarily or exclusively on privileged user access rights will likely prove less than effective. Generalized access control can be highly beneficial for protecting files located in on shared drives. Users have legitimate needs to access and modify files on shared drives. After all, those files are document files created by legitimate users. As a result of this generalized access, a ransomware attack that successfully infects the system of a user with legitimate access rights can encrypt and hold hostage all the files on all connected, shared drives and folders.
Check out Ivanti's Security Solutions
In short, the recommendations of patching, user education, and privilege management are critical practices to implement when preparing for and preventing attacks. Doing these things across a large organization may be somewhat trickier than the words imply. For example, patching a phone system means that phones might not be available, vendors may not support patched components, and products might fail. When implementing patch management, end-user training and/or privilege management programs, the use of best-in-class software solutions may be needed to make these implementations practical and comprehensive.
Ivanti has some great tools to help in the areas of patch and privilege management, and we will discuss these tools and how they address these problems in a follow-up post.