The City of New Orleans declared a state of emergency on Friday, December 13th due to a cybersecurity attack. Information is scarce, although Mayor Cantrell confirmed that the attack was a ransomware attack during a press conference.
On December 16th, City Council President Helena Moreno admitted that it's hard to gauge how soon city computers will be restored. Moreno stated – "When you have around 4000 computers impacted and to bring just one computer back, apparently, it takes several hours to half-a-day, just think about that times 4000."
New Orleans did the right thing by declaring a state of emergency when the attack was detected. This occurrence should set a precedent for how serious cyber-attacks are and prompt other state and local governments, as well as businesses to create or update their cyber recovery plan.
Collectively, we have reached the point where cybersecurity attacks are not a simple inconvenience that can be covered up with paying fines. Just like the attack on New Orleans, cyber-attacks are impacting human lives negatively and are having significant ripple effects.
Corporate Vice President of Microsoft’s Cybersecurity Solutions group, Ann Johnson, recently spoke at Ignite 2019 on the principle of Operational Resilience.
Operational Resilience refers to the ability of an organization to maintain business operations regardless of an event. Ann mentions that data fraud and cyber-attacks need to be dealt with in the same way that traditional disasters are dealt with.
That being said, every business should ensure their cyber recovery plan is tested, governed, and includes the same stakeholders as the disaster recovery plan.
Do you think New Orleans did the right thing? Drop me a note on LinkedIn and let me know.
To get monthly updates, sign up for my newsletter here.