Preventing the worst from happening may be the first step to approaching cybersecurity. But what about when the worst happens? What can agencies do in the event of a successful breach?
Cybersecurity experts will tell you it’s not an “if” but a “when” problem.
At GovLoop’s online training Wednesday, three panelists shared how agencies can stay resilient even when a cyberattack occurs:
- Gerald J. Caron III, Chief Information Officer (CIO), Assistant Inspector General for Information Technology (AIG/IT), Office of the Inspector General, Health and Human Services Department
- Jeff Reichard, Vice President, Public Sector & Compliance Strategy, Veeam Government Solutions
- Scott Jobe, Area Vice President, Public Sector Engineering, Pure Storage, Inc.
Their one takeaway? Test, test, test. Remediation and recovery plans are critical, but they’re only helpful if they actually work. Here are three tips they offered for when your agency deals with a breach.
Tip 1: Secure your last line of defense – backups
According to Reichard, 94% of organizations hit with ransomware had adversaries targeting their data backups.
Backups, which store copies of data periodically in case of an outage, are one of the primary tools to remediate and recover from a cyberbreach. Agencies can’t risk malware actors getting to these repositories.
That’s why immutability matters. Immutable backups prevent anyone – from newly hired admins to cyber adversaries – from changing or deleting copied data. This means the backups stay uncompromised, no matter who is accessing them.
“The value of immutable backups is that they are the last line of defense against the threat actor trying to derail the mission,” Reichard said.
Tip 2: Test backups
More than 50% of virtual attendees said their agencies have secure backups ready to deploy. But Caron had a follow-up question for the audience: How often are they tested?
“I don’t know how many times we had backups for things, but they didn’t work when we backed up,” Caron said. “If you wanna keep operations going, you have to be able to restore. Testing frequently is important.”
Eighty percent of organizations that paid ransoms after cyberattacks were re-victimized, a cybersecurity study found. It’s critical for agencies to “clean their environment” and take advantage of automation to recover quickly from an attack, Reichard said.
“It’s not only about the plan, but testing the plan and testing it at scale,” Jobe said. “[That] ensures when a breach is recognized, recovery can happen in a timely manner.”
Tip 3: Focus on effectiveness over compliance
Agencies, especially in the federal government, tend to be compliance-focused. But compliance doesn’t guarantee effective cybersecurity.
“If you look at the Executive Order on Improving the Nation’s Cybersecurity, the first word is strengthen, not comply,” Caron said. “Strengthen means effectiveness to me.”
Cybersecurity staff are at a point where they’re no longer preparing for annual audits – they are constantly being audited by their adversaries, Reichard said.
“Every organization in the public and private sectors is having 365 days a year of being audited,” Reichard said. “Our defense needs to be strong – checking a box once a year or having a fire drill no longer cuts it.”