On July 24th, Louisiana’s Governor John Bel Edwards declared a state of emergency for the entire state of Louisiana. It wasn’t for a hurricane threat arising out of the Gulf or a series of tornado’s racing across the state. Instead, the triggering events were cybersecurity attacks affecting several large northern state school districts. The governor’s response highlights the level of attention these events now attract.
By declaring a state of emergency in response to the school data breaches, Governor Edwards mobilized needed resources. Not only does a state of emergency provide access to the National Guard and the Louisiana State Police, but it also provides resources through state universities and the Louisiana Office of Technology Services. Given that the school data breach occurred via ransomware, such resources can be vitally important.
Cybersecurity Attacks Out of Control
The school data breach in Louisiana is not anything new when it comes to cybersecurity attacks against schools. In 2018, cybersecurity attacks against the Florida Virtual School affected thousands of students. Likewise, ten years of information was stolen from a San Diego’s school system in a school data breach last year. And in terms of declaring a state of emergency for a cybersecurity breach, Louisiana is not the first either. In 2016, Colorado Governor John Hickenlooper did the same after a DOT data breach.
While the school data breach in Louisiana and its reactions are not novel, these events demonstrate their increasing occurrence. Several key cybersecurity statistics support this claim. For example, cybersecurity attacks target businesses every 13 seconds, and the costs of cyber-attacks approach $5 trillion presently. Likewise, ransomware, which holds its recipient hostage until some task is performed, is increasingly common. Ransomware attacks grew 350 percent last year, costing $10 billion overall in 2019.
Barely a month since Louisiana declared a state of emergency, 23 local government agencies in Texas have also fallen victim to ransomware attacks. The Texas Department of Information Resources (DIR) is investigating the origin of the attack but emphasizes that response and recovery are high on its priority list for now. Damages caused by the wave of malware attacks have reached $12 million. Texas Governor Greg Abbot declared a Level 2 Escalated Response right after the attacks.
What Can Organizations Do to Prevent Business and School Data Breaches?
While declaring a state of emergency grants access to needed resources, preventative efforts are much more effective. One reason that prevention is more effective is that most cybersecurity attacks are not noticed for six months. Not a bad lag time for a cyber-criminal. In addition, over 90 percent of all malware is launched through phishing emails. Thus, the opportunity to educate and invest in protective measures is quite feasible in deterring business and school data breach events.
Increasingly, all types of organizations are investing in cybersecurity measures and professionals for enhanced protection. By 2024, expenditures on cybersecurity, in general, is expected to reach $1 trillion. Given the risks and costs associated with business and school data breaches, such investments are actually reasonable. But unfortunately, demand far outweighs supply. Currently, there are around 300,000 unfilled positions for cybersecurity professionals in the U.S. presently. And this figure may rise to three million or more in a few years. Thus, finding the right professional to prevent cybersecurity attacks should be a priority for most organizations.
Assessing the School Data Breach in Louisiana
As noted, the school data breach in Louisiana affected three northern parishes and involved ransomware. But the bigger issue that the state has identified is its lack of coordination throughout the state. Prior cybersecurity attacks had been handled as local events rather than being pursued as statewide investigations. However, by declaring a state of emergency, the opportunity to link these efforts together is enhanced. This is the current focus for Louisiana in moving forward.
In addition, the state plans to utilize all resources to analyze the details surrounding the cybersecurity attacks. Likewise, it will seek to develop better defense strategies while promoting effective remediation efforts. Reportedly, both public and private data may have been compromised in the school data breach. Thus, the state is continuing to investigate the potential ramifications of this. And at the same time, Louisiana hopes to provide cybersecurity insights for others in how to better prevent such occurrences.