Cybersecurity Incident vs. Event
What Are They, How to Report Them, and Why Reporting Matters
What Are They, How to Report Them, and Why Reporting Matters
Cybersecurity threats pose a significant risk to organizations of all sizes. As technology continues to evolve, so do the tactics of cyber criminals looking to exploit vulnerabilities for financial gain or to cause disruption. This makes it critical that all cybersecurity incidents, no matter how minor they may seem, are reported promptly and adequately.
In today's digital landscape, we all must stay vigilant against cyber threats. But do you know the difference between a cyber incident and a cybersecurity event? Understanding the distinction is critical for proper reporting.
What is the Difference Between a Cyber Incident and an Event?
A cybersecurity incident occurs when something unexpected happens with a computer system, such as a service abruptly halting or functioning less effectively. It can occur due to errors, accidents, or intentional actions. This encompasses instances where regulations governing computer usage are violated or when someone attempts to compromise the integrity of a computer system or the data it contains. It denotes situations where computer malfunctions occur or malicious activities are perpetrated.
Cybersecurity events are alerts indicating that something unusual is happening in our computer systems. These include instances such as when someone attempts to log in and fails or when our systems detect anomalous activities such as pings or scans. While these events can be concerning, they do not necessarily signify a breach of our security. Nevertheless, they provide valuable insights into potential issues and aid us in identifying emerging threats before they escalate.
What is Incident Reporting and Why It Matters
Cybersecurity incident reporting is the process of notifying relevant parties when a security breach or cyberattack occurs. These incidents must be handled quickly and with care to mitigate damage and prevent future attacks.
By reporting incidents through the appropriate channels, organizations can initiate incident response plans to contain and remediate issues before they escalate into more serious breaches. Detailed reporting also provides valuable information that can be analyzed to identify trends, uncover systemic weaknesses, and improve defenses against future attacks. Proper documentation creates an audit trail that demonstrates due diligence in the event of litigation or regulatory inquiries.
It is critical to report these incidents because they provide the context needed by security professionals to document responses.
Reporting a Security Incident or Concern and Why It Matters
When an incident occurs, it's crucial to document the details. The who, what, when, where, and how to provide invaluable insight. This incident report becomes a road map, decoding how to prevent future mishaps. Assessing the breach's origin helps identify vulnerabilities.
The report fuels more innovative policies, tighter compliance, and proactive risk management. Prompt and proper reporting allows the State to take swift action, conducting forensic analysis and remediating vulnerabilities. Use the below information as a guide when gathering information to report an incident or event.
Date and time when the incident or event first occurred
Date and time when the incident or event was detected
Description of the problem. Include any odd behaviors observed
Provide any technical information, if available. (IP addresses, hostnames, file names, system logs, etc.)
Identify any known system(s), data or other assets were affected or compromised, and the current status. This includes any sensitive customer or employee information that may have been exposed.
If known, outline the business impact in terms of operations disrupted, functions disabled, or financial losses.
A cybersecurity incident can have far-reaching impacts on an organization, so it’s critical to gather the right details to make an effective report. Focus first on establishing the basics—who, what, when, where, and how the incident occurred. The goal is to provide the information needed without introducing unnecessary confusion.
Who Do I Report a Cybersecurity Incident or Concern To?
Wyoming State Government
(Executive Branch Boards and Commissions)
(Executive Branch Boards and Commissions)
Department of Enterprise Technology Services (ETS)
Customer Service Desk
Incident Portal: https://wyoprod.servicenowservices.com/ets
Email helpdesk@wyo.gov
Phone at +1 (307) 777-5000
Public or Private Entities
Wyoming Office of Homeland Security (WOHS)
307-630-2767
Private Citizens
Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3)
File a Complaint
Additional Resources
Additional Resources
Cyber threats are increasing in frequency and complexity, which is why it's crucial to monitor them closely, report them promptly, and collaborate with partners continually to ensure business continuity and resilience. By taking a proactive approach, the State can respond decisively when incidents occur, thereby protecting our critical systems and sensitive data.
Here are some additional resources to expand your knowledge of Incident Reporting.
Cyber Assistance Response Effort (CARE) Team (Wyoming Office of Homeland Security, WHOS)
Cyber Incident Reporting (Federal Bureau of Investigation, FBI)
Cybersecurity Incident Response (Cybersecurity and Infrastructure Security Agency, CISA)
Source 01 copy.ai