Cyber Security Strategy – Recovering from an incident
Your aim in responding to a cyber-attack is to limit the damage and stop the incident from reoccurring. While this sounds simple it may not be. Why? Because your organisation will need to make a potentially complex and important decision at the outset. Do you disconnect your systems immediately to minimise any harm? Or do you hold steady while you gather the evidence you need to potentially prosecute the
The pressure will always be there to act immediately. However, sometimes it pays to step back and consider the bigger picture before you act.
The type of response you enact and the actions you take will largely depend upon the nature of the incident, as well as the time and budget you have available. Once your response has been enacted, the next phase is recovery.
Recovery from a cyber-attack is similar to recovery from any disaster. However, in the case of a cyber-attack, it should begin with the eradication of all components related to the incident, including the eradication of malicious code. Other actions might include running a virus or spyware scanner, updating signatures, disabling breached accounts, and changing passwords. Importantly, before your systems go back online and you return to ‘business as usual’, you need to validate your system’s security.
Other things to ask yourself include:
- How will we communicate with our customers and suppliers? (Depending upon which systems have been compromised, this might be challenging.)
- What do we need to communicate?
- What do we need to tell the privacy commissioner?
- What analysis is needed to determine what went wrong?
- Where are our vulnerabilities and policy and process gaps?
- How well did our response and recovery plans work? Can we improve?
- How do we mitigate the risk from happening again?
- What improvements can we make to increase our resilience?
A key contributor to your company’s cyber security is to remember that establishing a cyber security strategy is not a set and forget process. As your organisation and the complexity of cybercrime evolves, so too should your policies, approach and your strategy. Remember, your trusted IT partner can help you to stay one step ahead.