The following blog post is an excerpt from a recent GovLoop guide: Your Cybersecurity Crash Course. We solicited the GovLoop community to learn their top cyber challenges, and in the report we answer 12 of their most pressing cyber questions.
Having a strong cyberattack response plan is critical to the security and effectiveness of any organization. Recent data security breaches involving Target, P.F. Chang’s, Sally Beauty Supply and, most recently, The Home Depot have reaffirmed the importance of being prepared for such attacks. The initial response to an attack is crucial, but the preparation and groundwork agencies do beforehand are of equal, if not greater, importance.
To prepare, the New York-based Practical Law Company suggests creating a risk rating to classify reported incidents on a scale of low, medium or high risk. This way, when an incident occurs, the appropriate response can be promptly deployed. Additionally, a compliance work plan should be created — and updated frequently — that includes policies, a code of conduct, training and specific incident response procedures related to cyber risks.
When cybersecurity infrastructure is set in place, the first hope is that it does well enough for the agency to not have to worry about an attack. Simply assuming you’re safe, however, is never a good idea. So, should an attack occur, the response team should conduct an initial investigation using a predetermined checklist in the incident response plan to ascertain how serious the attack is. Regardless of severity, however, the response team should always aim to stop the intrusion from spreading and appropriately document the investigation.
This response should be swift, said Gene Quinn, a patent attorney and founder of IPWatchdog. “Pull the plug to stop the attack, identify what from a technical standpoint allowed malicious access, fix the technical glitch, make sure that no latent vulnerabilities exist and improve security before considering going back online,” he said.
It is crucial to act swiftly because hackers know they have a limited amount of time to disseminate the information — credit card, medical and other sensitive data — they find, so the quicker the response, the better. Additionally, installing new security software and password protections to prevent similar attacks in the future is a must.
After the response, an internal investigation is important. Practical Law Company notes that an investigation allows an agency to:
- Gain a fuller understanding of the computer intrusion.
- Increase its chances of identifying the attacker.
- Detect previously unknown security vulnerabilities.
- Identify required improvements to computer systems.
Unfortunately, even if your organization does everything right, it is still likely that damage will be inflicted from a successful attack. One example comes from Novice to Advanced Marketing Systems, a provider of marketing training courses and materials, including online seminars. It lost $75,000 in the effort to overhaul its computer systems in response to a malicious attack. “An ounce of prevention is certainly worth at least a pound of cure!” Quinn said.
There are many great resources for CIOs, IT workers and public managers. Some we recommend include:
- The Computer Security Incident Handling Guide, published by NIST, which assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
- The SANS Institute provides information security training and security certification, and research documents about various aspects of information security.
Cyber threats are increasingly pervasive and hackers are becoming more and more sophisticated. And seeing that the Centers for Disease Control and Prevention has a plan for a zombie apocalypse, there’s no reason for public agencies to not have a plan in place for cyberattacks.
To learn more about cybersecurity, be sure to check out the report: Your Cybersecurity Crash Course