Streamlining Cyber Recovery: From 24 Days to Potentially Just Days

In his latest article for SC Media, Brian Brockway discusses a very relevant issue in today’s digital world, which is the need to improve recovery times post-cyberattack. He discusses the need for the organization to have a holistic approach to managing recovery from cyber incidents. With cyber incidents becoming a major disruptive factor for businesses and communities, Brockway’s arguments are timely and effective.

According to him, most organizations will have to deal with a recovery period of 24 days after a cyber event, which can be quite troublesome. Such long periods of inactivity cause the company to expend resources while exposing them to loss of reputation and customer trust. He breaks up the recovery stages into four core areas, where he mentions the need to be effective in each of them. As written in his article, the main points are:

• Establishing control quickly after a breach.
• Clear communication with external stakeholders.
• Determining and recovering the right data.
• Rebuilding applications systematically.

A thoroughly business-oriented recovery strategy has some clear-cut benefits

Employees save time which translates into a massive amount in lost earnings. Brockway observes that if organizations can recover data and reconstruct systems together, they can cut down the time significantly needed for recovery. For instance, developing backup data strategies may facilitate faster recovery and ensure businesses are uninterrupted. But are these points convincing enough?

First, it begs whether responding fast is enough to recover from the attack. High-tempo responses without a proper understanding of everything may cause some important details to be brushed aside and off, repeating the attack. It would be best for organizations to have a healthy split between speed and caution. One should not be sacrificed for the other.

Organizations can make bad decisions fueled by logical fallacies, one such being the unreasonable choice between an expedited recovery and conducting a holistic evaluation. Brockway advises that part of the combat strategy should consist of attacking it while speculating on its recovery strategies using simulation. This method appears to be useful but would deliver a false sense of security if organizations do not appreciate the vulnerabilities in the system. How good are such exercises as a substitute for being ready and prepared in the real world?

Wider views emerge too when Brockway is examined when taking a metaphor, he used, of his making of medical recovery, out to an interdisciplinary emergency room. The interconnectedness of even moderate complexity electronically joined systems may have a focus that is more intricate than simple triage. Other applications play a crucial role in systems. Recovery can’t be done on only core applications; other systems that are integrated into it also have to be recovered, adding other layers of complexity. Is it possible that some part of the emphasis on timeliness might contribute to more fundamental problems with the other systems later?

Brockway’s mention of the need for updating data backup strategies by using air-gapped backups and the need to have them tested frequently is an important point made. But still, organizations have to address the problem of not simply turning tools on but creating an atmosphere where they are ready to respond to a threat at any given moment. It is critical to develop a mindset for preparedness. How does the organization alter its culture to ensure that it will stay ‘breach-ready’ rather than ‘breach-repair’?

At the end of the day, Brockway’s views are a good starting point to improve recovery protocols after a cyber-attack has happened. Organizations that have a comprehensive plan that cuts across and within departments and employs advanced technology are not only likely to avail recovery but also strengthen the organization in preparation against future attacks. Establishing a robust Cybersecurity stance cannot be a choice, it has to become a requirement.

At DiskInternals, we offer data recovery software for virtual and physical environments. Our work experience with corruption, and with the consequences that follow, motivates us to develop solutions that prevent companies from suffering because of insufficient recovery actions. By addressing the issues raised by Brockway, we empower organizations to effectively reduce risk and protect their data in abnormal circumstances.