Cyber attacks are like earthquakes. There is the immediate shockwave when an incident occurs, as you hurry to identify the source of the breach, plug the vulnerability and fulfil your immediate regulatory requirements.
Then come the secondary waves that produce new problems. For example, how have essential operations been affected, and what are you doing to protect and restore your reputation?
Organisations often overlook the damage that these lingering problems cause, and the consequences can be far more expensive than they bargained for. According to one report, organisations could spend £3.6 million or more recovering from a security incident – and without appropriate processes in place, that figure could be much higher.
It’s why experts recommend a layered approach to cyber security that accounts for the steps organisations must take after an incident has occurred in addition to measures designed to prevent breaches.
The framework is known as defence in depth, and it contains five interrelated stages. Even if one of these defensive layers is breached, the next works to further contain the damage.
In this blog, we look at how you can recover from cyber attacks by taking a defence-in-depth approach to information security.
What is threat recovery?
When all other lines of defence fail, you need to ensure your organisation can survive.
Often, you will be able to restore enough critical services to be able to continue functioning, but it can take months to fully return to business as usual. In the meantime, you need a plan for how you will manage, plus you need appropriate resources to implement those plans.
For a start, you need business continuity and disaster recovery plans. Business continuity is about ensuring that your organisation continues to operate in the event of disruption. It’s a way of temporarily addressing a problem until you’re able to address the underlying issue.
For example, say your office is flooded. A business continuity plan would outline how to secure your important assets and how to ensure staff can continue to work.
Meanwhile, disaster recovery is the process of resolving the disruption. At its most basic level, it involves identifying the source of the incident and finding a way to fix it.
The plans are usually very technical and focus on specific deadlines that must be met to prevent catastrophic damage. It will include things such as RTOs (recovery time objectives), which are estimates of how long it will take for a product, service or activity to become available following an incident.
Comprehensive documentation ensures that the organisation is prepared for whatever happens, but implementing these plans can be expensive. This is where cyber insurance helps.
Policies provide organisations with the means to implement incident response measures, such as forensic investigation, legal assistance and public relations support.
These activities aren’t typically included in standard business insurance policies, which usually only cover costs related to technical issues, such as corrupted hard drives and lost devices.
How we can help
Whatever your resources or expertise, a defence-in-depth approach to cyber security will give you the best chance of mitigating the cyber security risks your organisation faces, so you can focus on your core business objectives without having to worry about coming under attack.
IT Governance has everything you need. Get in touch today to find out how we can help you secure your success.
A version of this article was originally published on 10 November 2022.