Subscribe to NetSec NewsElection season is firmly upon us. We are facing increasing cybersecurity threats with government agencies all across the country falling prey to cyberattacks. These attacks have resulted in financial loss and system wide shutdowns. The frequency, organization, and impact of these cyberattacks are growing. The question is clear; when it comes to Elections Security, are we ready?
In 2019, Ingalls was called upon to respond to ransomware attacks against a significant number of commercial, non-profit, and government organizations. In the performance of this work, we started to see a pattern that led us to develop a threat model we believe could potentially disrupt the upcoming presidential election. This model is based on capabilities that we know our adversaries possess and so we submitted it to the National Association of Secretaries of State (NASS). We hope that by sharing this threat model we can raise awareness. We believe this threat is entirely avoidable, but still very possible due to the current state of cybersecurity risk management.
We have seen countless cases in which victims believed they had adequate security controls in place, when in fact, the attackers were able to execute ransomware encryption software despite a popular antivirus being installed. However, even with the best controls in place breaches can still happen. In addition to comprehensive security monitoring, next generation anti-virus, multi-factor authentication and the other necessary security tools, in this Election Season, Incident Response Readiness planning for government agencies is critical.
So, what does incident response readiness planning look like?
|
Incident Response (IR) Plan |
An Incident Response Plan (IRP) will outline how to minimize the duration and damage from a security incident, identify responsibilities of participating stakeholders, streamline forensic analysis, and hasten recovery time. |
|
Incident Response (IR) Playbooks |
Develop detailed playbooks that document actionable sets of steps a government agency can follow to successfully recover from a cyber event. The playbooks focus on unique types of cyber events and be tailored to fit the dependencies of the organization’s people, processes and technologies. |
|
Incident Response (IR) Tabletop Exercise |
Perform immersive exercises simulating actual cyberattacks that challenge the Incident Response Team to practice expedient coordination and mobilization, incident investigation, identification of gaps in the Incident Response Plan and identification of risks in the Incident Response process. |
|
Incident Response (IR) Retainer |
Incident Response (IR) Retainers allows your external security team to act immediately when you have a data security breach or incident. Under this type of agreement, your organization will be able to plan for the worst and rest easy knowing that qualified experts are on call to respond quickly. |
About Ingalls
Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.
