Reporting Is Lacking, Especially Among Small Governments
Dr. Alan Shark, vice president for public sector and executive director of CompTIA’s Public Technology Institute, says he isn’t surprised by the findings, which generally align with his own organization’s research in the field.
“There are some really small operators out there — small, local governments — and I’m very worried in terms of, not their dedication, but their capacity to respond in a meaningful way and in a timely manner,” he says.
Incident response plans cover everything from who will be communicating on behalf of a company to how to shut down systems to prevent further compromise, as well as priorities for the recovery phase and more.
Aside from streamlining an organization’s response and helping curb losses from an attack, an incident response plan serves another, often overlooked purpose: cybersecurity insurance companies — enlisted by 60 to 75 percent of state and local government agencies, according to Shark — often require that they be the first contact in the event of an attack. Without an incident response plan in place, that reporting requirement could be missed, and agencies would be in violation of their agreement.
Shark says government agencies should not only have a plan but practice it often. When ransomware attacks happen, threat actors typically give a tight deadline, such as 72 hours, for victims to act.
“Imagine a firefighter going to a fire and, on the way, deciding how they’re going to tackle it,” Shark says. “You need to know what buttons to press, what levers to pull at the right time when something happens, because time is not on your side.”