The Importance of Comprehensive Breach Response

This post is an excerpt from GovLoop’s recent industry perspective, “A Holistic Approach: Tackling Cybersecurity with Compromise Assessments & Incident Response.”

When a breach occurs, perception is reality. How quickly and effectively you respond is vital for government agencies to protect their data and ultimately their reputation with stakeholders. Agencies must be prepared to act decisively.

In the incidence of a breach, HPE and Mandiant (FireEye) can help diminish the operational and reputational fallout for agencies. Mandiant (FireEye) solutions will remove malware, identify exposed vulnerabilities and, take steps to mitigate network damage. “In this partnership, HPE leverages FireEye for a huge portion of the technical response, while also bringing the experience of our senior consultants to bear against the executive breach response task,” explained Al Kinney, Director of Strategy and Operations for Enterprise Security at Hewlett Packard Enterprise (HPE).

“It’s more than a technical solution, because when you talk about incident response, you also have to talk about executive breach response,” he continued. “When you’re dealing with a large organization, whether it be a commercial organization or a large government agency, there are implications beyond the technical fallout that [agency leaders] have to deal with.”

As we witnessed in the wake of recent large agency breaches, more than information is lost when government cybersecurity fails. Without an executive response plan, any incident can go from bad to worse very quickly. Citizens may view the organization as more vulnerable or less trustworthy, preventing agencies from effectively engaging their target audience. Moreover, agencies have to spend time and resources to publicly address the intrusion, while also addressing any internal personnel issues that contributed to the breach.

Government leaders are charged with handling these extenuating circumstances while also keeping the agency running. “You have to make sure that you have taken all the technical actions, all the human resource actions, and all the regulatory actions that may be required in terms of reporting what you’ve lost. You have to protect the mission and people, as well as the infrastructure itself,” said Kinney.

Retired Rear Adm. David Simpson, Chief of Public Safety and Homeland Security Bureau at the Federal Communication Commission agreed: “In any organization, you’re not good at cyber until you recognize that you own it, it’s your problem, it’s your issue and it’s aligned with your mission. It’s that personal accountability that needs to be generated.”

In concert with FireEye’s technical solutions, HPE’s Executive Breach Response helps agencies take ownership and protect their mission by addressing the perception and trust issues that accompany a breach.

HPE can help an organization avoid one of the largest exacerbations of a breach – poor communication – by spurring leadership to craft effective, coordinated messaging. “You want to maintain the confidence of your customers going forward,” said Kinney. “So you have to craft those messages and put them out in a timely fashion, that show you have confidence even though you were breached. You must explain that you know what happened, you’re taking action against it and you’re going to put these extra measures in place to protect the customers who were exposed.”

Additionally, Kinney said it’s important to place the breach within the context of a larger cybersecurity and threat landscape, in order to give the public a better understanding of what occurred and how the incident may affect them. “What’s the context of the breach beyond the technical point of view? Translating this into the context of business processes is something we do for our customers. We can help them understand and communicate the full context of the breach in terms of how a particular adversary is operating globally and what they are seeking to accomplish across other industries and geographies. This open-source threat intelligence helps commercial as well as public sector organizations tell their story about how they are countering sophisticated adversaries on a regular basis.”

Even as FireEye deploys tactical solutions to a breach, HPE’s Executive Breach Response team can help agency leaders protect the reputation and operation of the organization.

For more information on achieving comprehensive breach response, as well as robust compromise assessments, be sure to check out our latest industry perspective from HPE and FireEye (Mandiant).



Leave a Comment

Leave a comment

Leave a Reply