Recover from a cyber attack

Gavin Wood, CyberLab CEO, summarises how to recover from a cyber attack and advises how to create your disaster recovery plan. He covers:

• • Introduction to Cyber Disaster Recovery

• • Creating Your Disaster Recovery Plan

• • Regular Testing

Introduction to Cyber Disaster Recovery

Disaster Recovery involves policies, tools and procedures to cover your organisation’s plan and ability to respond to a disaster and recover critical business infrastructure.

In the film Jurassic Park, computer programmer Dennis Nedry deliberately disables and locks people out of the parks systems (almost like an insider threat actor deploying ransomware!). In the film, this causes various prehistoric carnivores to run amok, snacking on the protagonists. To restore their systems, it’s a simple case (apart from the dinosaur attack) of restarting the systems (switch it off and on again!) and boom, all the systems come back online, and they can escape. If only Disaster Recovery was that simple!

Disaster Recovery is one of the parts of ITSM (Information Technology Service Management) that I would include in getting the basics right (see also: patching, antimalware, etc). It also plays a vital part in your overall security strategy.

I have discussed defence in depth in previous blogs, and at the very heart of that strategy is having a good DR plan. If your layers of defence fail to protect you, being able to restore your systems quickly and efficiently is crucial to your business’s survival. Think about how long you can go without your critical systems before reputation or revenue is affected.

An example of how disastrous a DR event can be even months after it happens is the attack that affected Gloucester Council last year. As reported recently by the BBC, the Council’s IT systems are still not fully back up and running. That’s nearly ten months of downtime! 

So in the aftermath of a cyber-attack or any event that caused widespread destruction to your IT systems, you will need a DR plan to get you back on track.

Creating Your Disaster Recovery Plan

So, what makes a good DR plan? There are several steps you should follow when creating your DR plan:

Review your infrastructure and make sure you know your estate. If you can’t see it, you can’t manage or recover it in the event of failure.

Complete an impact assessment for each system. What is the impact on your business of losing access to that system or its data?

Identify business-critical systems and prioritise these first.

Work out what your Recovery Time Objectives (RTO) need to be. This is the amount of elapsed time your business can survive without access to these systems. There will be different RTOs for different systems depending on criticality/business impact.

Choose an appropriate DR technology. From real-time replication of block-level data to a remote site through to once-a-week tape backup kept securely offsite, many options exist. For each system, you will need the appropriate technology to ensure you can meet your RTOs.

---

“We could not have picked a better time to implement the changes from a standard in-situ server to a cloud-based solution. Our enforced homeworking would be considerably more difficult without this. Like all IT projects, there are always a few challenges, but these were tackled with knowledge and enthusiasm and quickly sorted out. The aftercare is great and we are looking forward to discussing further potential improvements to our systems.”

– Simon Fielding, Finance Director, The Kay Group

---

Ensure you have the right policies/procedures to review and regularly amend the DR plan.

Most importantly, have a plan and test it.

• • What is the agreed trigger point for a DR plan to be implemented?

• • What is the process for restoring the systems?

• • Who will trigger the restore?

• • How will you bring the system back into service?

• • Who communicates this to the business?

All this needs to be documented and kept somewhere accessible. Not on a system where it could be inaccessible in a DR event!

Regular Testing

Once you have the plan, regular testing is essential, and when I say testing, I mean testing properly. Just reviewing backup jobs and checking replication status is not enough. Testing is the only surefire way to ensure that in the event of a disaster, you stand a chance of being able to recover.

The first few times you test the plan, you may fail to be able to recover, but this is not a failure. You will only work out the issues in your plan by trying it out, and each time your plan and procedures will improve, giving you that fighting chance of fully recovering.

I haven’t covered business continuity (BC) in this article. That is a much broader conversation in which DR features. A well-tested DR plan will be crucial if you are working on a BC strategy.

Please reach out if you want to talk about protecting your data from ransomware attacks or support with your business continuity and disaster recovery plans. Book your free 30-minute consultation with one of our experts.