Data breaches continue to occur at a rate faster than previous years. One study, by Identify Theft Resource Center, reports that data breaches are up 24% through May, 2016, over the same period last year. Cyber criminals are increasingly targeting people through social engineering to gain access to company networks and leveraging ransomware aggressively as intrusion avenues. The attacks are more sophisticated and diverse. The likelihood of a business being attacked is escalating, even one with robust cybersecurity defenses.
Smart businesses are realizing they need strong recovery planning as well as solid cyber security measures. A comprehensive recovery plan can help you quickly:
- Calm your customers
- Assure your employees
- Reestablish your IT security
- Preserve your brand
National Institute of Standards and Technology (NIST) defines five functions in the Cybersecurity Framework, which addresses cyber risk management process: Identify, Protect, Detect, Respond, and Recover. They recognize the need to increase focus on the Recover element.
Recovery should include two parts. The traditional focus on returning business to operational status is one major part. The other is using recovery phase as a catalyst for lessons learned and continuous improvement. Strong cybersecurity measures of last month may need to be enhanced or undergo a shift in focus to deal with the risks of next month.
The value of a recovery plan is it improves the ability of a business to anticipate and lessen the negative impacts of a cybersecurity event. A good recovery plan should address:
- The need for understanding and commitment by the business owner and key stakeholders of what are potential damages from a cybersecurity event and the importance of quick response.
- Ability to identify and prioritize risks. A data breach will include many unknowns in the early stages of detection. A good recovery plan should include potential scenarios and assessments of the related risks.
- Recovery methodologies may include acknowledgment and commitment of significant investment in hardware, software, consultant fees, and attorney fees. Successful recovery from a data breach event will in part depend on what methodologies for recovery are enacted in the early stressful days after the initial harm is identified.
- Documentation of specific roles, responsibilities and tasks covering such topics as key decision makers, customer communications, legal advice and recovery investment will greatly impact a business’ ability to quickly become operational again.
Post-event lessons learned reviews and acceptance of continuous improvement recommendations will help a business recover and move forward after a harmful cyber event.
Learn more ways to protect your business at The National Cybersecurity Institute.
Identity Theft Resource Center (n.d.). Do you need help with an identity theft problem? Retrieved from http://www.idtheftcenter.org/
NIST (2016). Information Technology Portal – Overview. Retrieved from http://www.nist.gov/information-technology-portal.cfm