Page 47 - GCN, March and April 2017

Don’t panic
Cybersecurity incidents are inevitable, but agencies can learn to respond in a way that minimizes the impact and protects against future attacks.
ASSESS
Assess the situation calmly. Identify the source of the breach, and completely remove the hacker from the network. Don’t pay ransom money; instead, recover what you can from backups.
REPORT
Notify employees and others who might be directly affected by the breach and make the required disclosures to regulators.
PLAN
Deploy internal “red teams” to reveal weaknesses in your systems’ defenses, and use each cyber incident as a learning experience to strengthen your crisis management plan.
EDUCATE
Educate users about cybersecurity and phishing attacks in particular. Well-trained employees are essential to a robust network.
been caught during standard security reviews.
FOREWARNED IS FOREARMED
Although they are often seen as being at a disadvantage compared to their private-sector peers, government information security professionals might actually be better at handling breach post-mortems, said Joshua Douglas, chief strategy officer at Raytheon Foreground Security, a security services and training firm that works with public- and private-sector organizations.
Government agencies and defense contractors, for example, often conduct more thorough analyses than commercial companies do after a hack. “They are really getting a better understanding of what has been lost,” he added. “The [Defense Department] space especially is becoming an influencer of commercial companies.”
Indeed, Crook said the Texas Department of State Health Services offers a “prime example of a hack that occurred and was successfully defeated.” Although the department was using state-of-the-art firewall software to minimize the threat of a malware-based breach, a user downloaded a virus that was too new to be caught by virus-scanning software.
As a result, tens of thousands of files on a hospital’s server were encrypted by ransomware.
Department officials quickly caught the issue, however, and managed to roll back the files to a healthy state without users even noticing. “With a small data protection interval, DSHS fortunately lost zero files,” Crook said, but he added that “while backup will always play a huge role as a ransomware countermeasure, securing your perimeter and better educating your employees on breaches are also crucial steps to avoid paying ransom.”
Casey Ellis, CEO of Bugcrowd, a crowdsourced testing platform for enterprise security, concurred. “Breach