In advance of Data Privacy Day, OTRS Group experts recommend 5-step plan
Cupertino, January 22, 2020 – Ransomware attacks that caused crippling downtime for New Orleans, Louisiana; Pensacola, Florida; and Jackson County, Georgia demonstrate how the public sector is increasingly affected by cyber security attacks. Since an attack on public institutions can have devastating consequences (either by causing services to be delayed to citizens or by having citizen data made available), they are classified as critical infrastructures (KRITIS). These are subject to more stringent security measures.
On January 28, Data Privacy Day, the security experts at OTRS Group recommend adherence to a 5-step plan in order to best prepare for risks and deal with them accordingly.
1. Prepare for the establishment of a crisis management system
A number of principles should be established in advance of developing a crisis management plan. These include, for example, a definition of responsibilities, the provision of resources for establishing the system, and the formulation of security goals for the institution.
2. Risk analysis
During the risk analysis phase, potential risks to the facility and its processes must be evaluated. The aim is to assess what types of threats may occur and how likely they are. In addition, the analysis should consider possible damage from an attack and how an attack might affect the functioning of necessary processes.
3. Identify preventive measures
In the third phase, protective measures should be identified and weighed. These could be, for example, the installation of a firewall, security training for employees, or implementing a solution such as STORM, which manages security processes, ensuring an effective response to attacks. A cost-benefit analysis is useful at this point.
4. Establishment of a crisis management plan
Crises that cannot be prevented despite best efforts should be managed by a professional emergency response team. One of their tasks is to create the best possible conditions and processes for managing a crisis as well as to prepare for responding to an incident when the time comes.
5. Regular evaluation
Situations and conditions can change again and again, so an evaluation of the processes should be carried out regularly – preferably annually.
“One OTRS Group survey of 280 IT managers has shown that the majority of those surveyed (61 percent) report a security incident weekly or more often,” says Jens Bothe, security expert and Director Global Consulting at OTRS Group. “In the public sector, the consequences can be even more serious than in companies. Therefore, on the occasion of Data Privacy Day, I would like to draw special attention once again to the importance of comprehensive prevention and preparation with regard to possible security attacks.”
More information about OTRS security solutions can be found here.
About OTRS Group
OTRS Group is the manufacturer and the world’s largest provider of the service management suite OTRS, awarded with the SERVIEW CERTIFIED TOOL seal of approval. It offers flexible solutions for process and communication management to companies of all sizes, saving them time and money. Among its customers are Lufthansa, Airbus, IBM, Porsche, Siemens, BSI (Federal Office for Security in Information Technology), Max Planck Institute, Toyota, Hapag Lloyd and Banco do Brazil (Bank of Brazil). More than 170,000 companies worldwide use OTRS, including over 40 percent of the DAX 30 companies. OTRS is available in 40 languages. The company consists of OTRS AG and its six subsidiaries OTRS Inc. (USA), OTRS S.A. de C.V. (Mexico), OTRS Asia Pte. Ltd. (Singapore), OTRS Asia Ltd. (Hong Kong), OTRS do Brasil Soluções Ltda. (Brazil) and OTRS Magyarország Kft. (Hungary). OTRS AG is listed on the basic board of the Frankfurt Stock Exchange. For more information, see www.otrs.com.