Steve Durbin, Chief Executive of the ISF and Forbes Business Council Member.
Even if you could completely block the possibility of cyberattacks, it would be prohibitively restrictive and expensive. The reality is that most organizations will face multiple cyberattacks in their lifetime. How they respond and recover from these attacks often determines whether the business survives.
While there is a growing understanding of the need for a recovery plan to prepare for the possibility of an extinction-level attack, most organizations are simply not ready. Only 26% have adopted formal enterprise-wide security response plans, according to the 2020 Cyber Resilient Organization Study by the Ponemon Institute (registration required), with more than half of the organizations polled admitting an inconsistent ad-hoc approach.
But before you can develop the ability to recover successfully from a cyberattack, you must ask the right questions.
Creating An Organizational Threat Profile
What is the likelihood that you will be hit by an extinction-level attack? What are the relevant threats to your organization? If you can craft an accurate threat profile, you can get a picture of the likely source and type of attack you are facing. Any insight into your exposure can be enormously valuable in helping you to better prepare your defenses and draft a comprehensive recovery plan.
To gain a useful perspective on threats, you must gather information and share intelligence. Strong, up-to-date threat intelligence can help you identify weaknesses and craft appropriate responses. Always ensure your board is fully briefed on likely threats, particularly extinction-level attacks, so you secure the engagement and swift decision-making that is needed in the aftermath of such an attack.
Establishing Strong Cyber Hygiene
Have you built a high standard of cyber hygiene across your organization? Do you have core controls and processes in place? Although strong cyber hygiene might not prevent an attack, it can slow propagation and provide breathing room for mitigation. Focus on three core concepts:
• Asset list: It’s crucial to maintain an accurate and comprehensive list of your software, hardware and networks. Without an up-to-date inventory and an in-depth understanding of your information assets, recovery from an extinction-level attack could prove impossible.
• Patching process: Swift patching to manage system and device vulnerabilities is vital to reduce the risk of attack and to slow any attack in progress. Expedite your patching process and focus on key systems that are internet-facing.
• Backup capabilities: Develop a holistic backup strategy that covers all systems and core infrastructure services. Backups should be regular, and it's important to hold onto old backups, as malware infections often take some time to uncover. A comprehensive offline backup that includes your asset list can make all the difference when you're trying to recover from an attack.