How to survive a major cyber incident
by Dan Simms, on May 17, 2019 10:21:00 AM
Before WannaCry and NotPetya, most organisations didn't think they could ever find themselves in a position where they could lose everything.
WannaCry and NotPetya changed all that. Imagine for a moment how you would feel if all your desktops, laptops and servers were wiped by malware.
Imagine if that included your authentication system and your backup server. Moreover, imagine how you would feel when you try to rebuild your backup server (to allow you to restore your data), only to find that you can’t, because it needs a working authentication system. The classic chicken and egg.
Pretty scary. What’s even more frightening, however, is that this isn’t a story created by someone wanting to increase their disaster recovery budget. This is the reality that several organisations found themselves in during 2017.
So how do you recover from this? The best advice can be taken from the front cover of The Hitchhiker’s Guide to the Galaxy: ‘Don’t panic’.
Here are some things to consider if you find yourself in this situation:
1. Set expectations
Major cyber incidents take time and money to recover from. Usually this means a number of days (and in some cases months) without access to some line-of-business applications.
2. Use your disaster recovery systems
Bring online any business continuity/disaster recovery systems that you have available to you, to help people communicate and continue to work throughout the incident.
3. Establish what happened
Was this ransomware or do you suspect data theft? Sometimes data theft is hidden behind ransomware. This will help you understand whether you need to report the incident under GDPR.
4. Establish a safe way to recover your systems
For some businesses, this might mean restoring systems to a different environment such as Microsoft Azure or Amazon AWS.
5. Choose your top 10 systems
Consider the top ten systems and associated data that your business needs to stay in business. Involve the COO, CFO and HR director in this discussion. Be bold - unless the system is absolutely required to ‘stay in business’ then it can wait. Focus all your activity on recovering systems in the agreed priority order.
6. Be realistic
Be realistic about how long the recovery will take. Even if you’re working 24x7, it will take you longer than you expect.
7. Keep productivity high
Get your business busy with things that don’t involve computers - such as visiting clients and undertaking business development.
8. Communicate regularly
Communicate with your stakeholders regularly - this will help people stay productive while you recover your business.
9. Get help
There are several companies out there that can help you with the recovery or forensic investigation.
10. Look after your team
Look after your recovery teams - food, massages, and lots and lots of praise. They will be working 24x7, and this will help them maintain their energy levels.
As Nick Ross would say "Don't have nightmares, do sleep well."