LAUSD Cybersecurity Plan Outlined After Ransom Demanded in Recent Hack
On September 6th the Los Angeles Unified School District (LAUSD), which includes more than 1000 schools and over 600,000 students, was the victim of a ransomware attack. In response to the attack, the district board decided to shut down every technology system they had running.
“We did not know at that time what areas were targeted, what entity was targeting us,” declared superintendent Alberto Carvalho. “We were unaware how deep, how complex this incident, this action, was. So, as a matter of protection, we basically shut down every one of our systems.”
This move proved to work for the short term, as the school district was able to resume normal operations following the Labor Day holiday. The only systems that were adversely affected were the District’s website and email systems. All financial and healthcare systems remained intact.
Vice Society, a hacking group that targets high profile municipalities and corporations with ransomware attacks, claimed responsibility for the cyberattack, but had yet to make any demands. Passwords were changed at the district level and for 2 weeks, and no further suspicious activities occurred.
Then, on Wednesday the 21st, Alberto Carvalho made a public announcement that Vice Society was demanding a ransom. Almost 2 weeks later, the group came back with expectations. “We can acknowledge … that there has been communication from this [hacker], and we have been responsive without engaging in any type of negotiations,” said Carvalho, as quoted by Deadline. “With that said, we can acknowledge at this point … that a financial demand has been made by this entity. We have not responded to that demand.”
The details of the demand and circumstances in which they encompass are still being kept private.
The LAUSD has spent the last few weeks putting together a plan for protection against cyberattacks like this in the future. Unfortunately, this story highlights the critical mistake of not taking proactive steps to avoid cyberattacks.
The plan that the LAUSD is going to implement should provide strong protection in the future. C3 Tech has dissected this plan, in an effort to showcase how these steps are a fantastic cybersecurity roadmap for municipalities, corporations, and businesses of any size to follow when wanting to protect themselves against attacks.
The plan includes:
- Independent Information Technology Task Force: Charged with developing a set of recommendations within 90 days, including monthly status updates
- This service is customary when working with C3 Tech.
- A diagnostic pulse check of any existing cybersecurity measures will help identify areas that can be potential weak spots. Ongoing support means nothing falls behind.
- Additional human resources: Deployment of IT personnel at all sites to assist with technical issues that may arise in the coming days
- At C3 Tech, the cloud-based solutions implemented bring remote teams closer than ever before.
- 24/7 monitoring support with C3 Tech experts means businesses are aware of any potential threats, at any time, and have an immediate response.
- Technology investments: Full-scale reorganization of departments and systems to build coherence and bolster data safeguards
- Investing in cybersecurity hardware and software is one of the best insurance measures a business can take in 2022.
- Cyberattacks happen all year long and target all sized entities. Do not discount the importance of cyber protection.
- Advisory council: Charged with providing ongoing advisement on best practices and systems, including emerging technological management protocols
- With C3 Tech, you have an advisory council, with over 25 years of experience.
- 24/7 monitoring support and ongoing technical recommendations, means every client has a true cybersecurity partner that understands their industry.
- Technology advisor: Directed to focus on security procedures and practices, as well as conduct an overall data center operations review that includes an assessment of existing technology, critical processes and current infrastructure
- Cloud based solutions to everyday challenges means C3 Tech is your technology advisor.
- On site training, staff updates, technology recommendations and data center support. All from a local Orange County tech support team.
- Budget appropriation: Directed appropriation of any necessary funding to support Information Technology Division infrastructure enhancement
- C3 Tech works with any sized Orange County enterprise or company.
- Customized cybersecurity plans that are designed to work with any budget means no business owner walks away unprotected.
- Employee training: Develop and implement mandatory cyber security responsibility training
- On-site training is a core principle of C3 Tech.
- Ongoing training is a must in a world constantly changing.
- Forensic review: Expand ongoing assistance from federal and state law enforcement entities to include a forensic review of systems
- C3 Tech ensures regulatory compliance wherever needed.
- A deep dive and understanding into current trends, market movements, and regulatory changes means clients are always in compliance.
- Expert team: Creation and deployment of an expert team to assess needs and support the implementation of immediate solutions.
- C3 Tech is the expert technology and cloud based support team that every Orange County business needs.
- Solutions offered by C3 Tech are built on more than 2 decades of cybersecurity and network security experience.
The ransomware hack against the LAUSD is another example in a long line of cyber security oversights that end in serious pain. The outcome is still unknown, but it’s easy to guess the ending. Had this plan been implemented in the first place, it’s likely the hacking group would not be able to make any demands at all.
Develop a plan today and avoid becoming another security example.
C3 Tech ensures that the cybersecurity plans implemented are designed to meet the security needs of today and be ready for the challenges of tomorrow. C3 Tech builds custom solutions around IT services, copiers and multifunction printers, network security, data backup/recovery and more!
Contact C3 Tech today for a complimentary network assessment (value of $2500).