Cyber Resilience and Disaster Recovery – where do you start?

You may have heard the term “Cyber Resilience” recently. Like many terms in the IT world, we’ve let our marketers run rampant and they’ve created a new term for an old thing.

The basic concept behind it is this: “how quickly could you be up and running again in the event of a successful attack from an adversary outside or inside your organisation?”

It’s important for your organisation to be prepared with a planned and pre-tested Business Continuity and Disaster Recovery (BC/DR) plan before you are hit with an issue like a ransomware attack, or a fire in your main office, or disease that threatens the workforce or, if you’re in Victoria these days, an earthquake.

Strategies to defend against and recover from cyber-related risks on your business should be enacted.

It may be as simple as the deployment of modern endpoint protection tool, plus backup and recovery applications for your end users. Or it may be a more complex approach with a Security Operations Centre (SOC) or managed response solution coupled with network security tools such as DNS and Web filtering, network and endpoint firewalls, VPNs, backup and recovery and others.

It’s also critical to ensure that your staff are aware of ransomware risks as part of a successful security awareness training program.

The bottom line though, is that if prevention methods and training fail, and your company is successfully attacked, you’ll need a protection strategy that restores your company’s assets and resources safely and swiftly.

How do you prepare for Cyber Resilience?

Specific issues come to mind when considering a complex Cyber Resilience strategy: what risks are we addressing, how will they be addressed, why have we made the decision to counter them or the consequences, and most importantly, who is going to take the actions, and by when?

Here are some questions you will need to consider.

Key questions

• Who will be involved in the disaster recovery actions and the communication chain?
• What is our Recovery Time Objective, or how long can your organisation tolerate downtime? Obviously, the less the better, but different outage periods also attract different costs to shorten the recovery timeframe.
• While we are waiting for regular services to be restored, how can our team continue working from the cloud?
• Which applications or user groups are most important to the lifeblood of the business? eg. the marketing and admin teams are probably less important than the frontline workers interacting with your clientele.
• What technology do we have access to, that can reduce our downtime?
• How is our network designed to seal off access to core company resources to only those users/devices that need to access it? How can we use the network topology as one of our foundations for defence?
• How can our team get their data back if a single endpoint device is compromised? And how quickly?
• How do we evaluate the source of an attack? What tools can assist us in conducting a mid- or post-attack analysis?
• What tools can help us prevent the spread of malware in the network?
• If we need to, can we reset the entire system back to a specific point in time?

What then?

If you have never put together a BC/DR plan before, now is the time to consultant an expert. You understand your business and they understand the tools available t protect it.

Contact a company like Computer One to resolve your downtime issue before it even occurs.

Final note: To be sure it will work when you really need it, you’re going to have to commit to testing it at least once per year. That can be an expensive effort, depending on how realistic the simulated downtime event needs to be – and the answer to that question depends on how much money is at stake in a downtime event for you.

Your advisor will be able to take you through the various testing scenarios and explain the pros and cons of each, allowing you to make a choice on the best fit for price.