Tulane expert available to speak on Louisiana's cybersecurity state of emergency

On July 29, Louisiana governor John Bel Edwards declared a state of emergency after three Louisiana school systems experienced cyberattacks. School systems in Sabine and Morehouse parishes and the city of Monroe were each affected by severe malware outbreaks.

Ralph Russo, director of information technology programs in Tulane University's School of Professional Advancement, is available to speak about cybersecurity attacks and can offer steps to minimize the possibility of being hacked.   

"Based on the (incomplete) information coming out of Louisiana, one could assume that these ransomware episodes are the result of using phishing attacks as the attack vector, in which malicious links are clicked or attachments are opened by government employees/contractors," Russo said.  

Cybersecurity Preventative Measures

In this specific case, and considering the state of emergency and high likelihood of attack, local government IT leadership should take the following steps/measures to reduce the chance of being successfully hacked, and if so to minimize the impact of the breach:

• Assign someone to take the leadership role in ensuring that actions are taken expeditiously, and as a liaison to government on this issue. This should NOT be the person(s) responsible for responding to an attack as a technical resource.
• Conduct an immediate awareness/education campaign to all users on phishing. Ensure that suspected phishing attempts are captured and reported to leadership during this time.
• Review user privileges and remove/downgrade all privileges that are not specifically required for someone to do their specific job. Often, admin “super-user” privileges are given as a status or nod to an employee’s rank or position. If these folks, often non-technical, are successfully leveraged for an attack, then the attacker gains these rights.
• Ensure that a complete map/inventory of the network, servers/infrastructure, and all connections to the internet are known and documented. You can’t protect something that you don’t know you have, or don’t know how to locate.
• Immediately verify that system backups are up to date, and complete. Consider performing a manual backup of critical systems, and then air-gapping those backups (do not leave them accessible to the network that may be targeted).
• Ensure that the network is segmented to constrain successful attackers to specific areas of the network. For example, if the Education Department has been successfully attacked, invaders should not be able to move over to Public Safety or government administration. Review firewall configuration – are they configured to provide the segmentation that leadership thinks they are providing?

Click here to contact Ralph Russo