Bold Business Logo

Louisiana Declares State of Emergency over Cybersecurity Attacks

On July 24th, Louisiana’s Governor John Bel Edwards declared a state of emergency for the entire state of Louisiana. It wasn’t for a hurricane threat arising out of the Gulf or a series of tornado’s racing across the state. Instead, the triggering events were cybersecurity attacks affecting several large northern state school districts. The governor’s response highlights the level of attention these events now attract.

By declaring a state of emergency in response to the school data breaches, Governor Edwards mobilized needed resources. Not only does a state of emergency provide access to the National Guard and the Louisiana State Police, but it also provides resources through state universities and the Louisiana Office of Technology Services. Given that the school data breach occurred via ransomware, such resources can be vitally important.

cartoon of cybersecurity culprit being chased by police officers
Cybersecurity attacks in the state of Louisiana pushed Governor John Bel Edwards to declare a state of emergency.

Cybersecurity Attacks Out of Control

The school data breach in Louisiana is not anything new when it comes to cybersecurity attacks against schools. In 2018, cybersecurity attacks against the Florida Virtual School affected thousands of students. Likewise, ten years of information was stolen from a San Diego’s school system in a school data breach last year. And in terms of declaring a state of emergency for a cybersecurity breach, Louisiana is not the first either. In 2016, Colorado Governor John Hickenlooper did the same after a DOT data breach.

While the school data breach in Louisiana and its reactions are not novel, these events demonstrate their increasing occurrence. Several key cybersecurity statistics support this claim. For example, cybersecurity attacks target businesses every 13 seconds, and the costs of cyber-attacks approach $5 trillion presently. Likewise, ransomware, which holds its recipient hostage until some task is performed, is increasingly common. Ransomware attacks grew 350 percent last year, costing $10 billion overall in 2019.

Barely a month since Louisiana declared a state of emergency, 23 local government agencies in Texas have also fallen victim to ransomware attacks. The Texas Department of Information Resources (DIR) is investigating the origin of the attack but emphasizes that response and recovery are high on its priority list for now. Damages caused by the wave of malware attacks have reached $12 million. Texas Governor Greg Abbot declared a Level 2 Escalated Response right after the attacks.

What Can Organizations Do to Prevent Business and School Data Breaches?

While declaring a state of emergency grants access to needed resources, preventative efforts are much more effective. One reason that prevention is more effective is that most cybersecurity attacks are not noticed for six months. Not a bad lag time for a cyber-criminal. In addition, over 90 percent of all malware is launched through phishing emails. Thus, the opportunity to educate and invest in protective measures is quite feasible in deterring business and school data breach events.

Increasingly, all types of organizations are investing in cybersecurity measures and professionals for enhanced protection. By 2024, expenditures on cybersecurity, in general, is expected to reach $1 trillion. Given the risks and costs associated with business and school data breaches, such investments are actually reasonable. But unfortunately, demand far outweighs supply. Currently, there are around 300,000 unfilled positions for cybersecurity professionals in the U.S. presently. And this figure may rise to three million or more in a few years. Thus, finding the right professional to prevent cybersecurity attacks should be a priority for most organizations.

Shane Morris talks cybersecurity attacks
Cybersecurity attacks have ventured into the realm of school data breaches… and that’s a big problem.

Assessing the School Data Breach in Louisiana

As noted, the school data breach in Louisiana affected three northern parishes and involved ransomware. But the bigger issue that the state has identified is its lack of coordination throughout the state. Prior cybersecurity attacks had been handled as local events rather than being pursued as statewide investigations. However, by declaring a state of emergency, the opportunity to link these efforts together is enhanced. This is the current focus for Louisiana in moving forward.

In addition, the state plans to utilize all resources to analyze the details surrounding the cybersecurity attacks. Likewise, it will seek to develop better defense strategies while promoting effective remediation efforts. Reportedly, both public and private data may have been compromised in the school data breach. Thus, the state is continuing to investigate the potential ramifications of this. And at the same time, Louisiana hopes to provide cybersecurity insights for others in how to better prevent such occurrences.

Data Protection Laws in the Age of Surveillance Capitalism

In George Orwell’s 1984 fictitious dystopian society of Oceania, a telescreen is an instrument of surveillance. It broadcasts and picks up information simultaneously. Installed in every flat,  the telescreen is a commanding presence. Even within the confines of one’s home, Big Brother is always watching. Winston Smith’s trepidation of the telescreen is valid – he can dim it, but can never turn it off completely.  The significant parallels between Surveillance Capitalism and 1984 are quite unsettling. Our smartphones, laptops and most gadgets are modern-day telescreens. Throw in the buzzwords “predictive,” “behavioral,” and “targeted,” and we know companies know more about us than they should.

Living in the age of surveillance, the primary source of concern, therefore, is how people’s data are gathered and processed beyond what they have disclosed. The situation underscores the significance of data protection laws and regulations that protect people’s fundamental right to privacy.

The Birth of Surveillance Capitalism

Capitalism is an economic system that thrives by bringing a product or service into the marketplace. Players within the system have the power to assign value to the goods and sell them to the market. Following this framework, surveillance capitalism refers to the process of accumulating data and personal information with the intent of extracting profit from it.

Shoshana Zuboff, a social psychologist and author of the book “The Age of Surveillance Capitalism” states, “Surveillance capitalism was invented in Google in the year 2001, approximately, between 2000 and 2002.” The dot-com bubble burst around this period pushed the executives of Google to find a way to monetize the sophisticated technology of the search engine. Using surplus data from user searches, the company created predictions on what ads the users will notice and click. This prediction, therefore, became the blueprint of Google Ads and online targeted advertising.

Consequently, this paved the way for new advertising concepts such as pay per click, click-through rate, and online ads conversion rate. As computing and digital technology progresses, so does prediction technologies. Now, every industry – from automotive to textile – wants to dip their hands in the data-gathering market.

Every Click We Make: Living In the Age of Surveillance

Prediction technology has progressed significantly in the last decade. Living in the age of surveillance, companies collect a user’s geolocation, socioeconomic status, online behavioral patterns. They also siphon purchase and account profile data to create a reservoir of information. There is also the collection of every click, view, action, voice and text searches. This helps them generate a scale of data where they derive valuable predictions from.

For instance, a consumer looking to renovate his home searches the internet for information. The next time he logs online, the web pages will then display advertisements related to this previous search. The accuracy by which these predictions technology can forecast consumer behavior is, no less, astounding.

Data Protection Laws around the World

In 2016, the European Parliament and the European Council adopted the United Kingdom’s General Data Protection Regulation (GDPR). The implementation of the policies has taken full force last May 2018. With two years to prepare for the full implementation of GDPR, business and government agencies should be ready to keep pace with the requirements of the policies in the era of surveillance capitalism.

Living in the age of surveillance, China has implemented the PRC Cybersecurity Law in June 2017 to address cybersecurity and data protection issues on a national level. The implementation of Strengthening Online Information Protection National Standard of Information further strengthen China’s robust data protection policy and supplemental laws.

Surveillance capitalism in the Middle East is also highly regulated. For instance, the country of Bahrain has several laws with provisions relating to data protection. One example of such is the Amiri Decree No. 15 of 1976 concerning the Penal Code. The decree protects individuals’ right to privacy with provisions allowing sanctions against those who disclose information without consent from the concerned person.

In the US, sector-specific and industry-specific national privacy and data security laws and regulations are in place. The Children’s Online Privacy Protection Act (COPPA), Gramm–Leach–Bliley Act (GLBA), and The Health Insurance Portability and Accountability Act of 1996 (HIPAA) are some of these policies. On top of the over-arching national laws, there’s an implementation of data protection and privacy policies in each of the 50 states and territories.

Shane Morris talking surveillance capitalism
The age of surveillance capitalism requires a heightened level of personal attention when it comes to protecting data.

Ethical Use of Data in the Age of Surveillance Capitalism

Surveillance capitalism is a thriving ecosystem. The suppliers of data, the data analytics specialists, and the behavioral market makers harvest, process, and assign value to these data. At the end of the chain are industries that serve as a marketplace. The predictions from consumers’ data can help improve products and delivery of services. By principle, this model is mutually beneficial to the business and the consumers.

However, cases of abuse and exploitation of data are on the rise. One of the most significant cases that rocked the world was the Facebook-Cambridge Analytica Data Scandal. With millions of personal data harvested without consent and used for targeted political ads, Facebook learned the costly and hard way. The Federal Trade Commission (FTC) slammed Facebook with a billion-dollar fine for “misrepresentations about the privacy or security of consumers’ personal information.”

With the scale, quality, and depth of data collected, it is now possible to create accurate calculations and forecast consumer behaviors. However, without restrictions on the gathering, storing and processing of people’s data, the potential for misuse and exploitation is high. These realities hit businesses and therefore need to take the high road and uphold the people’s fundamental right to personal privacy.

Hydro Blockchain Can Simplify Complex Financial Systems

a cartoon of the different financial systems being simplified using hydro blockchain technology
Hydro Blockchain can make a bold impact by simplifying complex financial systems using open-source blockchain projects.

How can we help?