Your government organization has access to a large amount of private data. You need to safeguard that data and implement a proper recovery program for when a cyber attack happens. It is important to remember that not all cyber attacks are deliberately initiated – it can be as simple as an unknowing employee who succumbs to a cyber threat by opening an email or visiting a website without even being aware of what transpired.
Understanding the cybersecurity risks to your organization starts with a structured cyber governance program – one that proactively performs recurring risk and vulnerability assessments, has a documented, tested data management and incident response program in place, and keeps abreast of the security maturity of any internal and external business partners. Having a plan in place to ensure your employees and business partners know their responsibilities in the event of a cyber attack is at the core of a successful recovery.
An organization that is proactive in minimizing risk is one that survives when others do not. The first step to creating a response plan is evaluating and answering the question, “What is the maturity of my cyber governance program?” A thorough cyber governance program with a mature incident response program can save you money and, equally important, lessen the impact of a breach. Once a breach in security has occurred, your teams must be able to immediately carry out the response plan. With a plan in place, you will be prepared with the knowledge and protocol for what to do next, which will depend on your priorities and the type of breach sustained.
Specific to government organizations, a breach caused by ransomware can mean millions of customer and resident data files at stake. You must take inventory of your data and information ahead of an attack, assessing the breadth of the risk to mitigate the exposure to the government and its citizens. In the event of an attack, you may question your response plan, or even consider paying the ransom.
In fact, the 87th Conference of Mayors announced that it does not condone paying ransomware demands. While such a non-partisan entity has stated its opposition to paying ransomware demands, it is important that every entity understands its objectives and actively plans and tests recovery methods to fit its specific needs.
Even if you pay the ransom, your systems may subsequently not have the same integrity, may not be completely recoverable, and may still be susceptible to the same type of intrusion again. Your legal and fiduciary liabilities, as well as regulatory standards, can complicate matters and hinder life after an attack. Due to these risks, a formal, tested, tactical and operational incident response plan that can be put into action at a moment’s notice is critical. Establishing cybersecurity accountability and reporting lines can ease communication with impacted constituencies and help your organization recover sooner. For your government organization, having the correct cybersecurity and a tested response plan could mean the difference between protected data and a cyber breach of confidential information. Make sure you have a plan in place before it is too late.