Cyber Security Strategy: Step 4 – Responding To and Recovering From an Incident

Cyber Security Strategy – Recovering from an incident

Your aim in responding to a cyber-attack is to limit the damage and stop the incident from reoccurring. While this sounds simple, it may not be. Why? Because your organisation will need to make a potentially complex and important decision at the outset. Do you disconnect your systems immediately to minimise any harm? Or do you hold steady while you gather the evidence you need to potentially prosecute the perpetrator?

The pressure will always be there to act immediately. However, sometimes it pays to step back and consider the bigger picture before you act.

The type of response you enact and the actions you take will largely depend upon the nature of the incident, as well as the time and budget you have available. Once your response has been enacted, the next phase is recovery.

Recovery from a cyber-attack is similar to recovery from any disaster. However, in the case of a cyber-attack, it should begin with the eradication of all components related to the incident, including the eradication of malicious code. Other actions might include running a virus or spyware scanner, updating signatures, disabling breached accounts, and changing passwords. Importantly, before your systems go back online and you return to ‘business as usual’, you need to validate your system’s security.

Other things to ask yourself include:

  • How will we communicate with our customers and suppliers? (Depending upon which systems have been compromised, this might be challenging.)
  • What do we need to communicate?
  • What do we need to tell the privacy commissioner?
  • What analysis is needed to determine what went wrong?
  • Where are our vulnerabilities and policy and process gaps?
  • How well did our response and recovery plans work? Can we improve?
  • How do we reduce the risk of this happening again?
  • What improvements can we make to increase our resilience?

A key contributor to your company’s cyber security is remembering that establishing a cyber security strategy is not a set-and-forget process. As your organisation and the complexity of cybercrime evolve, so too should your policies, approach and strategy. Remember, your trusted IT partner can help you to stay one step ahead.

Further Reading:

Cyber Security Strategy Step One – Identify Your Assets

Cyber Security Strategy Step Two – Protect Your Assets

Cyber Security Strategy Step Three – Detecting and Identifying a Breach



About the author:

Ash Klemm


Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.