Cyberattack Response and Recovery
October 11, 2021 by Meredith Trimble
Cyberattacks are a persistent threat, plaguing local governments and school districts of all sizes. In today’s threat environment, it’s not if but when a cyberattack will occur. The good news is effective response is possible with the right preparation. And the right preparation involves the entire organization, not just IT staff.
Rick Simonds, vice president and general manager of Tyler Cybersecurity, recently led a live webinar to discuss how government and school district leaders can create the best possible incident management plan. Following are some key highlights from the discussion.
Incident Response Plan Phases
Simonds described six distinct phases making up a comprehensive incident response plan. “Preparation is the first and most important phase,” he noted. Preparation includes activities that enable staff and leaders to respond to an incident. This critical phase includes:
- Training: The incident response team needs to understand their roles and responsibilities.
- Budget: Your plan must be funded and in place before an incident occurs.
- Practice: Tabletop exercises are key for continuous plan evaluation and adjustment.
The other phases Simonds discussed in detail included:
- Detection
- Containment
- Investigation
- Remediation
- Recovery
Developing and implementing the plan sets jurisdictions up for a strong, smart cybersecurity culture and positions them well for quick, effective recovery.
Continuity of Operations
In addition to implementing the strategic and tactical components of a response plan, including testing and ongoing practice, Simonds noted the importance of a continuity of operations plan.
Such a plan is a unified strategy for event management that consolidates common elements across:
- Disaster Recovery & Business Continuity Plans
- Pandemic Plan
- Incident Response Plan
- Aspects of Vendor Management Plan
Consolidation translates into one team, one decision tree, one communication plan, and one set of network and data flow documentation. Teams can implement any sub-plans tactically, as needed.
Simonds cited the well-known Benjamin Franklin quote, “If you are failing to plan, you are planning to fail.” Cyberattacks on governments and school districts include denial of service, website compromise, malware or ransomware, supply chain compromise, and zero-day vulnerabilities. A new remote workforce only compounds risk. Developing, implementing, and testing an incident response plan can spare organizations from the worst of these attacks.