Cybersecurity threats are an unfortunate reality in our increasingly digital world. Cyber criminals are constantly developing new and more sophisticated methods to penetrate networks, steal sensitive data, commit fraud, or cause widespread system disruption.
Even a seemingly minor security incident can escalate into a major breach with devastating financial and reputational consequences if not addressed quickly. That's why it's so important that everyone is vigilant and understands what to report and how to report it, no matter how insignificant it may seem.
Employees at all levels, from entry-level staff to senior executives, play a vital role in quickly identifying and escalating potential security breaches. This allows for swift investigation and containment of threats before they lead to major damage or data loss.
Cybersecurity incident reporting is the process of notifying relevant parties when a security breach or cyberattack occurs. These incidents must be handled quickly and with care to mitigate damage and prevent future attacks.
By reporting incidents through the appropriate channels, organizations can initiate incident response plans to contain and remediate issues before they escalate into more serious breaches.
Detailed reporting also provides valuable information that can be analyzed to identify trends, uncover systemic weaknesses, and improve defenses against future attacks. Proper documentation creates an audit trail that demonstrates due diligence in the event of litigation or regulatory inquiries. It is critical to report these incidents because they provide the context needed by security professionals to document responses.
All cybersecurity incidents should be reported immediately, but some of the most common ones encountered by average people are data breaches, malware infections, phishing attempts, ransomware attacks, and business email compromise (BEC).
Data breaches, whether from hacking or insider threats, can expose customer and company data. They are an increasingly common occurrence that can have devastating consequences for businesses. When sensitive customer data like names, email addresses, passwords, or financial information is exposed, it erodes consumer trust and can seriously damage a company's reputation.
Malware infections are among the most common incidents. Malicious software, such as viruses, worms, Trojans, or spyware, infiltrates systems to steal data or cause disruption. These infections often lead to a cascade of problems. Many infections start with someone accidentally clicking a malicious link or downloading an infected attachment.
Phishing and callback phishing attempts are another frequent threat, tricking employees into revealing sensitive information or downloading malware. These have become all-too-common threats in today's digital world, and ones that no one can afford to ignore. These deceptive tactics involve cybercriminals sending fraudulent emails, texts, or messages or making fraudulent calls that appear to come from legitimate sources, like a bank, a popular website, or even a colleague.
The goal is to trick the recipient into divulging sensitive data, like login credentials, credit card numbers, or confidential company information. These messages often convey a false sense of urgency, pushing you to act quickly without scrutinizing the request too closely.
Ransomware attacks lock up files and demand payment to release them. Sensitive data can be stolen, corrupted, or encrypted by ransomware. System performance may slow to a crawl as the malware consumes processing power and network bandwidth. In some cases, malware can even allow cyber criminals to remotely control infected machines, using them to launch attacks on other systems.
Business email compromise, or BEC for short, is a serious and growing threat that all professionals need to guard against. In a typical BEC scam, the attacker uses social engineering tactics to trick an employee, often someone in finance or accounts payable, into transferring funds or sensitive info to the scammer.
They do this by sending a spoofed email that looks like it's from the CEO or other top executive, a vendor, or another trusted party. The email urgently requests a wire transfer, invoice payment, or confidential data. Because it seems legitimate, the employee complies, not realizing they've been duped until it's too late.
When an incident occurs, it's crucial to document the details. The who, what, when, where, and how provide invaluable insight. This incident report becomes a road map, decoding how to prevent future mishaps. Assessing the breach's origin helps identify vulnerabilities. The report fuels smarter policies, tighter compliance, and proactive risk management. Prompt and proper reporting allows the State to take swift action, conducting forensic analysis and remediating vulnerabilities. Use the information below as a guide when gathering information to report an incident or event.
Date and time when the incident or event first occurred
Date and time when the incident or event was detected
Description of the problem. Include any odd behaviors observed
Provide any technical information, if available (IP addresses, hostnames, file names, system logs, etc.).
Identify any known system(s), data, or other assets that were affected or compromised, as well as their current status. This includes any sensitive customer or employee information that may have been exposed.
If known, outline the business impact in terms of operations disrupted, functions disabled, or financial losses.
A cybersecurity incident can have far-reaching impacts on an organization, so it's critical to gather the right details to make an effective report. Focus first on establishing the basics—who, what, when, where, and how the incident occurred. The goal is to provide the information needed without introducing unnecessary confusion.
Wyoming State Government
(Executive Branch Boards and Commissions)
Department of Enterprise Technology Services (ETS),
Customer Service Desk
Incident Portal: https://wyoprod.servicenowservices.com/ets
Email: helpdesk@wyo.gov
Phone: +1 (307) 777-5000
Public or Private Entities
Wyoming Office of Homeland Security (WOHS)
307-630-2767
duty.officer@wyo.gov
Private Citizens
Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3)
With cyber threats growing in frequency and complexity, vigilant monitoring, timely reporting, and ongoing collaboration with partners have become essential to business continuity and resilience. By taking a proactive stance, the State can respond decisively when incidents arise, safeguarding our critical systems and sensitive data.
Cyber Assistance Response Effort (CARE) Team (Wyoming Office of Homeland Security, WOHS)
Cyber Incident Reporting (Federal Bureau of Investigation, FBI)
Cybersecurity Incident Response (Cybersecurity and Infrastructure Security Agency, CISA)
Cybersecurity Incident vs Event (Enterprise Technology Services March 2024 CyberPulse)
The faster users report suspected incidents, the quicker the organization can leap into action to mitigate risk and minimize harm from cyberattacks. At the end of the day, every employee shares in the responsibility of keeping the company's digital assets and data safe through their attentiveness and willingness to speak up when something seems amiss.
If any of these or other suspicious cyber activities are detected, it's critical to notify IT security immediately so they can investigate and remediate the issue. Staying vigilant and having a clear reporting process helps keep the company and its data safe.
Prompt identification and response to potential threats are critical for containing the damage, preventing future incidents, and protecting the integrity of systems and data. Minutes can make the difference between a close call and a devastating breach.
By proactively monitoring for suspicious activity and having a well-rehearsed incident response plan at the ready, the damage from an attack can be significantly mitigated. Quarantining affected systems, cutting off malicious access, and restoring clean backups allow you to regain control of the situation. Thoroughly investigating an incident also provides valuable insights to prevent similar attacks in the future, whether through patching vulnerabilities, enhancing monitoring, or further strengthening defenses. Safeguarding sensitive data and critical systems from increasingly sophisticated threats requires constant vigilance and preparedness to identify and decisively respond at the first sign of trouble. The security and integrity of the business depend on it.
By encouraging employees to speak up about security concerns and treating every reported incident seriously, organizations can dramatically reduce their cyber risk exposure and build a more resilient defense against relentless cyber adversaries seeking to exploit any weakness.