A Weekend in Incident Response #25: Closing the Gap in U.S. Federal Agencies Cyber Security

In March, the U.S. Office of Management and Budget (OMB) released a report on the cyber performance of federal agencies, revealing that a total of 30,899 cyber incidents were reported by them in fiscal 2016. The OMB states that this is an alarming figure and that it indicates that there are significant gaps in the cyber defenses of federal agencies across the country.

According to the report, federal agencies have made good progress in improving their cyber defenses last year, but are still quite vulnerable to cyber attacks and need to ramp up their efforts for protecting their networks and data. Of the almost 31,000 incidents in 2016, a total of 16 have been designated as major incidents, which means they had the potential to threaten national security, the economy, civil liberties, or relations with foreign countries. With this in mind, federal agencies need to keep stepping up their efforts for strengthening their defense against cyber attacks.

Detecting and Preventing Malware and Phishing Attacks

Given that the report states the vast majority of cyber incidents reported by federal agencies involved phishing attacks and malware infections, they are now advised to look into improving their capabilities to respond to these types of attacks and detect and prevent them in the future. There are a couple of ways this can be done. When talking about cyber incident response, one of the most cost-effective and efficient solutions is employing an automation-and-orchestration cyber incident response platform, capable of keeping cyber security events under control, mitigating risks and improving an organization’s ability to prevent future attacks.

These platforms have wide-ranging features that give Computer Security Incident Response Teams (CSIRTs) the opportunity to detect, track and predict cyber security breaches immediately. There are platforms that can help reduce reaction times when responding to an incident, through the employment of automated playbooks designed to accelerate the response to specific types of attacks – such as malware or phishing attacks, which are often faced by government agencies.

Integrated Knowledge Base to Guide You Through the Response Process

Through the use of those playbooks, as well as the available integrated knowledge base, cyber security professionals can quickly identify where an attack is coming from and determine the location of the infected or breached device or part of the network, and follow that up with the containment of the damage to prevent it from spreading.

What’s more, these types of platforms can create automatically generated reports on every incident, in addition to collecting digital evidence for forensic investigations, allowing for the quick notification of law enforcement and provide them with the necessary documentation, thus complying with data breach notification and reporting regulations.

This approach can increase cyber security teams’ ability to resolve incidents in a timely manner and prevent government agencies from losing valuable and sensitive data that could be used by attackers for ransomware or to damage the country’s critical infrastructure.