Ransomware occurs when a user clicks on a bad link or downloads a file in a malicious e-mail that causes the user to be locked out until a ransom is paid. According to the FBI, criminals are netting an estimated $150 million a year through ransomware attacks. In a real ransomware attack, you would be asked to pay a ransom in order to unlock the device and restore your files.
In recent years, the cyber threat landscape has evolved and cybercrimes have become more frequent, more costly, and more sophisticated. Now more than ever, cybersecurity is paramount for personal, organizational, and national security. To address this vulnerability, Hagerty Consulting developed a programmatic approach to cyber incident management: the Cyber Nexus Approach (CNA).
it's in our CNA
Nearly two-thirds of all publicly known ransomware attacks in the U.S. in 2019 targeted state or local governments.
To effectively prevent, respond to, and recover from cyber disruptions, emergency management, information technology/operational technology (IT/OT), local and state government partners, and private sector partners must collaboratively establish plans for managing complex cyber incidents and test those plans. Ensuring cyber preparedness establishes relationships pre-event and tests viability of planning. Effective planning leads to hardened, more resilient systems, effective alert systems, and a clear chain of command to handle cyber incidents and mitigate cascading impacts.
Develop and Maintain Cyber Incident Response Plans
Hold Quarterly Cyber Disruption Team Meetings
Conduct IT / EM Trainings and Exercises
IT / OT Team
• System monitoring and hardening
• Patch management
• Penetration testing
• Hardware / software maintenance
Emergency Management Team
• Cyber risk management
• Cyber incident/disruption response planning
• Training and exercise
A coordinated response ensures that all parties are performing their functional missions while minimizing or eliminating unnecessary duplication of efforts. Coordinating response across IT/OT, emergency management, local and state government, and private sector partners ensures that the response is as comprehensive and effective as possible. An effective response can lead to faster threat identification and stronger coordination across agencies and partners, which enables the targeted organization to better safeguard its assets and reputation.
Establish Regular Briefing Schedule Across Disciplines
Communicate and Prioritize Response Actions
De-conflict Any Response Issues Across Disciplines
IT / OT Team
• Digital forensics
• Malware analysis and quarantine
• Breach management
• Information technology disaster recovery restoration
Emergency Management Team
• Consequence management (response to physical cascading impacts)
• Operational coordination across relevant disciplines
Coordinated recovery actions ensure that the restoration of virtual and physical systems aligns and that lessons learned from the incident are retained and improved upon. Collaborating on recovery and mitigation activities and managing the long-term impacts of complex cyber incidents supports a community’s ability to recover quickly and increase resilience. Effective post-incident activities enable the targeted organization to restore services faster, complete after-action reporting in a timely manner, and begin mitigation activities to prevent future attacks.
Establish a Regular Meeting Schedule for Virtual and Physical Asset Recovery Coordination
Conduct After-Action Reporting That Captures Areas for Improvement in Both Virtual and Physical Arenas
Develop a Roadmap for Long-Term Recovery Actions, Including Any Mitigation or Grant Management Options
IT / OT Team
• Restoring services (systems, data, connectivity)
• Update controls and processes
Emergency Management Team
• Recovery of physical assets
• After-action reporting
Prepare Your Business
Partnership and Integration
Continuity of Operations (COOP)
Cyber-Kinetic Event Preparedness
Hagerty Consulting developed a cybersecurity annex for a state-level emergency management department. This project involved the engagement of a broad group of stakeholders with a role in cybersecurity operations in the state, including stakeholders from state and local governments, regional fusion centers, and the private sector. Hagerty professionals collaborated with subject matter experts who provided in-depth knowledge on cybersecurity, state-level planning, national best practices in cyber response, and fusion center coordination. This planning project contributed to broader emergency preparedness in the state by providing an annex to the state emergency plan that addresses operations related to cyber incidents. This project also contributed to efforts to build capabilities for cyber response and coordination across the state.
Statewide cyber disruption plan
Hagerty Consulting supported a state’s IT department in the development and implementation of a statewide cyber disruption plan. This project involved the engagement of a targeted group of stakeholders with a role in cyber disruption response to inform the development of the plan. Hagerty also developed an implementation strategy to provide recommendations for the implementation, socialization, and maintenance of the cyber disruption plan. The project contributed to broader efforts to increase the state’s cyber response capabilities.
Cyber incident response exercise program
Hagerty Consulting facilitated a series of iterative exercises for a state IT department. Each exercise was designed to test the state's cybersecurity response capabilities and identify areas for improvement to inform the final phase of the project: updating and enhancing the state's cyber disruption plan. Concurrently, Hagerty engaged new stakeholder groups to support the state's long-term goal of socializing cyber incident response protocols with a larger audience. Hagerty updated the state's plan to reflect those findings and provided a separate, long-term improvement plan to ensure the future growth and development of the state's cybersecurity program.