New Cybersecurity Incident and Response Playbooks Released by CISA

November 17

The orders came straight from the top. The President’s May 2021 announcement of the Executive Order on Improving the Nation’s Cybersecurity directed the federal government to bring the “full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.” That includes ensuring federal information systems meet or exceed the cybersecurity standards outlined in the order.

In response, the Cybersecurity & Infrastructure Security Agency (CISA) has just published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. While the playbooks were created to provide federal civilian executive branch (FCEB) agencies with cybersecurity incident and vulnerability response procedures, CISA encourages all state, local, territorial, tribal, and private sector organizations to review them to benchmark their own vulnerability and incident response practices.

Standardized Response Processes

The playbooks focus on two primary areas. The Incident Response Playbook provides procedures and processes for:

  • Preparation
  • Detection and analysis
  • Containment
  • Eradication and recovery
  • Post-incident activities
  • Coordination

The Vulnerability Response Playbook offers the same support for:

  • Preparation
  • Vulnerability response process
  • Identification
  • Evaluation
  • Remediation
  • Reporting and notification

Small Lapses Lead to Big Ransomware Vulnerabilities

This week the House Committee on Oversight and Reform also released a memo stating that a series of “small lapses” in cybersecurity led to several recent major breaches and ransomware attacks. The example noted in the memo was that of a single user using a weak password that opened the door to hackers. They may have been referring to Colonial Pipeline being compromised by a single stolen password linked to a profile. That attack led to gas shortages in several states earlier this year after the company was forced to shut down the pipeline. The company eventually paid the attackers around $4.4 million in Bitcoin, the majority of which was later recovered by the Justice Department.

Cybersecurity Education is Your Best Defense Against Ransomware

The House memo also notes that, with seemingly robust security systems falling victim to simple attack vectors, security education and other proactive security measures are critical. In fact, 85 percent of breaches involved the human element, while 36 percent involved phishing. On a recent, simple, seven-question cybersecurity assessment quiz, 60 percent of respondents failed. What’s even more frightening is that fewer than 1 percent of respondents got all seven questions right.

So, an effective, ongoing security awareness training program is vital to prevention. The key word here is effective. Look for a training partner that has a proven track record in delivering measurable results in cybersecurity awareness. One study found that employees who receive security awareness training are significantly better at recognizing security threats than those who haven’t received training. And the difference is substantial, with 23 percent of IT/security professionals reporting untrained employees as “capable” or “very capable” of recognizing cyberattacks compared to  . The percentage spread is much the same for targeted emails, social media, and web scams.

Make Sure You Have a Last Line of Defense

There is no way for you to be 100 percent certain that your data and systems are safe from cyberattacks. That’s why you also need a last line of defense, leveraging backup and data recovery processes with well-defined frequency, as well as data storage features like continuous data protection, which takes immutable snapshots of your complete data set. That way, if a ransomware attack is successful in encrypting your data and corrupting your primary file system, the snapshots are completely unaffected—they can’t be altered or deleted.

Get Expert Guidance

With so much involved in keeping your data and systems safe and secure, it’s worth talking to a backup and data recovery professional from StorageCraft, an Arcserve company. Or you can dive into your options by watching an on-demand demo.