What do you think about when you hear the word “disaster”? Hurricanes? Floods? Earthquakes? Fires?
In reality, a disaster doesn’t have to be so dramatic. When it comes to your business, disaster can mean something as simple as a power outage, broken pipes or, in today’s digital world, an employee who clicked on the wrong link. With the proliferation of new attack vectors and immediately crippling attacks such as ransomware, you can’t take any chances.
Being prepared isn’t just for big organizations and critical infrastructure. While the threat level is escalated and the impacts are ever increasing, the steps to prepare are well-known and doable. Your business is critical to you, so why would you treat it any differently?
It’s important to ensure that your business is resilient and is capable of recovering from not only a failure but also an attack. To this point, disaster recovery and incident response are tightly linked. The ability to respond to attacks with an incident response plan is often followed by the need to restore some or all of your infrastructure.
Ransomware is a great topic to discuss because it is new in the way it impacts the business. In the past, we saw largely breach-related attacks that stole or exposed private, sensitive information. This is a breach of confidentiality and it doesn’t often require any sort of system or data recovery. However, while ransomware may impact confidentiality, it is focused on leveraging the need to have systems and information available as its primary motivator; if you don’t pay, you will not have access to the information you need to run your business.
As part of being prepared you need two things: an incident response plan and a disaster recovery plan. That is to say that you need to quickly respond to cyberattacks and, if your defenses fail, you need to be able to recover your information and your systems quickly. Being quick is a key point. The quicker you mitigate the attack, the less impact you’ll suffer. Consider the business impacts of an incident that takes one hour to recover from as opposed to one week.
As the amount of data continues to grow, organizations have increasingly moved to online backups. You have to consider that any online system may be affected by ransomware and taken offline.
It is absolutely crucial that you have an offline backup of your information, some medium that is not accessible via a network, so that you can recover in the case that you cannot restore normal business operations after a ransomware attack. There are cases where ransomware encryption cannot be undone (technical failure) or you simply cannot afford to pay the ransom. This is also just good practice – no one knows what the next major attack vector will be and how it will impact your business.
If your business goes away, we all suffer. We must be prepared to respond and recover quickly from cyberattacks. We need to mitigate the initial attack with a meaningful and practiced incident response plan and we need to have an effective way to recover data and information systems. It’s never too late to get started and there’s no good reason to put it off. Even a bad plan is better than no plan. And a practiced plan is even better.
Dan Didier is a cybersecurity pragmatist who partners with business leaders to appropriately position cybersecurity for the practical, effective and relevant protection of business assets through risk management.
With the mission of empowering organizations to have the tactics, resources and intelligence required to defend their most critical assets, in 2007, he founded NetSecure, a cybersecurity consulting company dedicated to providing top-tier services for businesses and their stakeholders.
Dan’s unique background in technology and business allows him to bridge the gap between people, process and technology, implement effective business processes and adapt to the unique cybersecurity challenges that organizations face.
After 20 years of experience in a wide range of industries including critical infrastructure, finance, healthcare, technology and manufacturing, Dan now serves as GreyCastle Security’s Vice President of Services where he leads one of the nation’s largest teams of cybersecurity professionals.
Dan is accredited with several industry certifications and he received his bachelor’s degree in Telecommunications from SUNY Polytechnic Institute and graduated Summa Cum Laude with his Master’s degree in Information Assurance from Norwich University.