How to improve incident response in the public sector

Michael J. Del Giudice
How to improve incident response in the public sector

These three strategies can help public sector organizations improve their incident response and prepare for the inevitable security event.

Public sector organizations serve many citizens by providing critical public safety, utility, healthcare, infrastructure, transportation, and education services. In order to deliver these services without disruption, the public sector must acknowledge and address the constant threat of cybersecurity attacks.

Because it’s impossible to prevent cybersecurity events, public sector organizations must prepare – in advance – to handle them properly when they occur. Waiting until an attack takes place to begin planning a response can put your organization at a serious disadvantage.

Incident response involves a lot more than planning ahead. When shoring up security and incident response, here are three strategies your public sector organization can use.

Stay on top of public sector and cybersecurity and other insights by subscribing to Cybersecurity Watch.

1. Implement: Establish an incident response plan

Implement: Establish an incident response plan - It's important to understand the moving parts of incident response.

The following questions can help guide your public sector organization as it works through each action item of an incident response plan implementation.

Evaluate where your organization currently stands

  • Who will have a role in our incident response plan?
  • Are we in compliance with relevant regulations?
  • Do we have the right people with the right skill sets in place to respond to incidents?

Establish relationships with your third-party vendors

  • Do we have relationships with vendors to complement gaps in our capabilities?
  • Have we confirmed our program and communication are satisfactory with our insurance company to continue coverage?

Educate your team members on proper protocols

  • What is the first step employees should take if they suspect suspicious activity?
  • How and to whom should employees escalate perceived threats?

Consider incident response programs and tools

  • Do we have the correct systems in place to identify suspicious activity and perform triage and analysis?
  • When should we involve law enforcement?
  • Do we have effective backup programs in place?
  • If operations are affected, who can we contact?

Enact a communication plan

  • Do we have an effective, automated process in place to communicate with our organization and community?
  • Do we have solutions to communicate with the incident response team if network systems are not available?

2. Practice: Perform tabletop exercises

Once an incident response plan is in place, organizations should conduct regular tabletop exercises to make sure the plan is up to date and comprehensive. Running real-life scenarios provides excellent practice for team members without the pressure of responding to an event in real time. This can help them build the confidence they need to respond effectively to the real thing.

But it doesn’t stop there. These exercises continue to pay dividends when done consistently. Regular practice exposes strengths and weaknesses and helps teams home in on problem areas. Addressing problem areas now can strengthen your organization before an incident occurs.

3. Evaluate: Continually assess the overall cybersecurity program

The best prepared organizations have a resilient cybersecurity program that includes protection, detection, and response controls. These three pieces layered together can reduce the likelihood of a cybersecurity event and minimize the impact of security events.

Incident response is just one part of a cybersecurity program, but it’s crucial to strengthen the security posture of the organization in order to respond to threats. Your public service organization should continue to evaluate its cybersecurity program – including incident response – to address gaps and improve overall security.

Consistency is critical in improving incident response

Consistency is critical in improving incident response

Being well prepared for cybersecurity events doesn’t happen overnight. A solid incident response plan is a great start, but when that plan isn’t applied or practiced regularly across the entire organization, it can become useless.

Continually practicing and evaluating incident response can help each team in your organization know how to respond in the event of an attack. In the end, being prepared is much better than being surprised.

Get cybersecurity and other insights delivered directly to your inbox.

Related insights

Crowe can help your organization with incident response.

If you’re ready to take the first step, reach out to one of our experienced technology consultants today.
Michael Del Guidice
Michael J. Del Giudice
Principal, Consulting