Cyber Watch – Are You Really Resilient?

By: Dean C. Gallup MBCP CISM, Director, Cybersecurity and Business Resilience Consulting, Advantaged Solutions, Inc., Vice-President, Mid-Atlantic Disaster Recovery Association (MADRA)

Your cyber resilience program can define your agency or organization’s ability to respond to and recover from a cyberattack or infiltration, while minimizing impact to your core business processes and maintaining integrity of critical data and systems. Agencies have been working hard over the past several years to harden their systems and processes against cyber threats, such as malware, ransomware, infiltration and other acts of sabotage. However, organizations are still falling victim, and without careful planning and preparation, recovery can take days, weeks, or months, and cost thousands of dollars (if not millions).

Last month, the Federal Depository Library Program was hacked, with screens replaced with pro-Iran messages. While superficial with no lasting damage, it exposed vulnerabilities in systems that were exploited to gain entry.

The National Institute of Standards and Technology (NIST), recognizing the need for guidance in developing effective responses to cyberattacks and infiltrations, has drafted two special publications: NIST SP 1800-25: Identifying and Protecting Assets Against Ransomware and Other Destructive Events and NIST SP 1800-26: Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events. These draft guides expand on the April 2018 NIST Cybersecurity Framework 1.1 and on its five core functions: Identify, Protect, Detect, Respond, and Recover. Guidance provided in these documents includes:
      • develop a strategy for detecting and responding to a data integrity cybersecurity event
      • facilitate effective detection and response to adverse events, maintain operations, and ensure the integrity and availability of data critical to supporting business operations and revenue generating activities
      • manage enterprise risk (consistent with foundations of the NIST Framework for Improving Critical Infrastructure Cybersecurity)
Given the world we live in, and the constant cyber infiltration and attack events on our governments, the reality is that at some point there will be a successful attack, be it malicious code, ransomware, or data manipulation/theft, on your agency or organization. Planning for a coordinated and effective response to an attack through cyber resilience concepts can minimize a potentially serious impact on your agency. A well-defined cybersecurity framework is essential. So is hiring staff who operate, manage, or use any of your organizational services or assets. The best time to start this planning was several years ago; the next best time is right now.