IT systems supporting government organizations are inherently at risk. Without proper safeguards, these systems are vulnerable to individuals and groups with malicious intent who can intrude and use their access to obtain sensitive information; commit fraud and identity theft; disrupt operations; and launch attacks against other computer systems and networks. Thus, government organizations need to effectively manage their cybersecurity risks and respond when incidents or breaches occur. The best time to plan such a response is before the attack occurs.
Organizations can and should take the following steps to protect their IT resources and plan for cyber-attacks.
1. Identify mission-critical data and assets.
2. Implement appropriate security and privacy controls to protect your assets.
3. Specify contractor requirements for incident response.
4. Create and test an actionable incident response plan.
Even with reasonable security controls, government organizations can and do fall victim to cyber-attacks and incidents. A quick, effective response to these incidents is essential to minimizing the resulting harm and expediting recovery. Taking prompt action and effectively executing a well-thought-out, actionable plan can help to contain the scope of the incident or breach and limit its impact on organization operations and information.
Organizations can and should take the following steps during a cyber-attack.
1. Make an initial assessment.
2. Implement measures to minimize continuing damage.
3. Recover and restore operations.
When a cyber incident or breach occurs, limiting its effect on affected parties is a primary concern. Additionally, assessing the underlying causes of the incident and the organization's response can identify opportunities for improving the security controls, as well as the planning and execution of the incident response plan. The lessons learned can assist organizations with taking the necessary steps to reduce the likelihood and impact of future incidents.
Organizations can and should take the following steps after a cyber-attack.
1. Assess and mitigate risk to affected parties.
2. Conduct post-incident reviews.
3. Implement corrective/preventive measures.
- Scan all your computers using your virus detection software.
- If a virus is detected, use the software to remove the virus. If the software cannot remove the virus, disconnect the affected computer from the network and contact your hardware vendor.
- The FBI recommends that you not pay the ransom.
- Disconnect all computers from the network.
- Call your software vendor to start rebuilding backup media.
- Call your local law enforcement agency.