Friday, December 13, 2019 really was an unlucky day for the City of New Orleans, Louisiana. That’s when the City suffered a serious cyber attack (ransomware). In fact, it was so serious that Mayor LaToya Cantrell actually declared a state of emergency.
According to the City of New Orleans’ emergency preparedness campaign, NOLA Ready, which is managed by the Office of Homeland Security and Emergency Preparedness, the attack started at 5 a.m. CST. NOLA Ready first tweeted that “suspicious activity was detected on the City’s network,” and then again that “activity indicating a cybersecurity incident was detected around 11 a.m.” As expected, the City’s IT department quickly moved to power down servers and computers, and instructed employees to disconnect from Wi-Fi and unplug any of their own devices.
Now, three business days later, the full extent of the ransomware attack remains unclear. The investigation continues and operations are returning to normal. Fortunately, there is no ransom demand (as of yet), but these often do not come until later on down the road.
Louisiana is no stranger to cyber security events or to the issuance of state of emergency declarations in response to them. Believe it or not, the December 13, 2019 ransomware attack was the third such event in just six months. The first occurred in July 2019 when school district computers had to be taken offline. The second took place in November 2019 when state government websites and other digital services had to be deactivated.
Experts in cyber security agree that ransomware poses one of the greatest risks to municipalities across the country. One internet technology company identified 53 ransomware attacks against state and local agencies in 2018, up from 38 the year before. And, that’s probably nowhere near the actual number since ransomware attacks often go unpublicized.
Mitigation and preparedness are key to preventing, addressing, and overcoming cyber security events. Take the usual precautions of using the latest antivirus/antispyware software available, and keeping applications and operating systems current. Also, adopt a formal internet use and email policy, and train employees in basic cyber security principles. Last, but certainly not least, have a plan of action just in case your municipality becomes the next victim. (If your superstitious, it might not hurt to knock on wood too.)
With 10,000+ plans under its belt, BOLDplanning Inc. is the preeminent developer of online software for Emergency Operations Planning (EOP), Continuity of Operations/Government Planning (COOP/COG), Business Continuity Planning (BCP) and Hazard Mitigation. The company’s highly credentialed team of experts are also well-versed in facilitating HSEEP-compliant exercises to help ensure organizational preparedness for cyberattacks, natural disasters and other disruptive events.