The New Orleans Cyberattack
In December of 2019, the state of Louisiana was hit with a cyberattack that crippled services in several cities, prompting Governor John Bel Edwards to declare a state of emergency to minimize the potential fallout. All New Orleans city employees were ordered to shut down their computers in an effort to limit exposure.
The state-of-emergency declaration gave the state desperately needed resources to combat the cyberattack. A larger attack planned for later in the week was thwarted with the assistance of the FBI and the Governor's Office of Homeland Security and Emergency Management.
While the support of these government agencies is a sign of swift and intelligent action, emergency aid cannot be the first line of defense.
Cybersecurity Must Be Proactive
Cities are prime targets for ransomware attacks because the stakes are high. When cybercriminals lock down city servers, vital city services cease to function.
Louisiana is certainly not the first state with cities plagued by cybersecurity issues. Maryland, Texas, and others have also been at the mercy of bad actors. There is one thing these states have in common—a failure to create and enforce a proactive cybersecurity protocol. These attacks are prime evidence that a reactionary response to cyberthreats is a losing strategy.
How Cities Can Protect Themselves From Cybercrimes
A managed detection and response (MDR) service is the best way for cities to stay ahead of cyberattacks that wreak havoc. A full-fledged MDR service is a key part of any comprehensive cybersecurity strategy.
These core elements have to be included as part of an MDR protocol:
- Network inspection: Continuous network traffic inspection that detects malicious activity to/from suspicious IP addresses and domains.
- Log analysis and search: Automated collection, normalization, analysis, and retention of log data from existing networks, systems, and applications.
- Threat detection: Detect and identify malicious files, malicious traffic, bad IP addresses and domains, and lateral (east/west) movement through Windows event log and system monitoring.
- Cloud security: Monitor cloud services, SaaS apps, IaaS infrastructure, and more to identify malicious user activity.
- 24×7 monitoring: Monitor on-premises and cloud resources 24×7 through a cloud-based security operations center (SOC) staffed by security analysts.
- Managed containment: Ability to detect and contain indicators of compromise and to prevent the spread of threats.
- Endpoint visibility: Unified endpoint technology that provides operational metrics, asset categorization, threat visibility, and detection and response.
- Incident response: Ability to identify critical security incidents among millions of suspicious events, escalate the response, and propose remediation actions.
It's well-documented that cities and public sectors lack the resources and personnel to maintain a healthy level of cyber hygiene. To ramp up their cybersecurity and build a strong posture, they can turn to SOC-as-a-service with experienced security experts who can monitor and detect today’s increasingly sophisticated threats—and mount an effective response when cyberattacks occur.