Response and Recovery from a Major Cyber-Attack

Key Learning Points

Chief Exec and Leadership Team Buy-in and Active Support is Crucial

Be Prepared:

  • Make sure your Cyber Defence Investment is Appropriate AND Sufficient
  • Make sure you have plans for a total IT loss scenario
  • Do not default to assuming IT is Safe – Ask and Verify.

Data and System Security is the Responsibility of All Staff

  • Everyone has a Stake in Data and Systems Being Safe and Secure
  • Don’t forget your Service Partners and Suppliers

Make time to manage your storage

  • Every file has a recovery cost

Make Your Cyber-Security Protocols Clear

  • Train Members and Staff regularly
  • Agree the rules and stick to them

Know Your IT Assets, Organisational Configuration and Reliance

  • Consistency aids recovery
  • Ensure all key systems and data have Business Owners
    • What data do they use, where does it come from, how does it flow, who else uses it
  • Make Sure Key Data is in Verified, In-Depth Backup

Governance, Oversight and Verification of IT in the Enterprise

  • IT informs business decisions – it does not make them. Business staff do not make IT decisions without appropriate IT input and advice
  • Do Not Underestimate How Long Recovery Will Take and Lasting Impact on All Involved

Key Advice

Take Cyber Defences Seriously and Be Prepared

  • Well maintained and configured Firewalls and Supporting Network Devices
  • Ensure all points of ingress and egress are covered
  • Forced Regular vulnerability patching across the entire estate.
  • Force patch at least once per week, and push key security vulnerability patches out the same day when required, but only after testing the patch on our lab kit.

Defence in Depth

  • Make sure you are not vulnerable to a single point of failure
  • Zone and Segment the network to control the network traffic flows

Backup in Depth

  • Follow an appropriate regime for the data
  • Backup at least once per day, with transaction log backups inter-day where appropriate.
  • Do not rely on single location backup.
  • Ensure users are not saving files to any location that is not being backed up
  • Files should not be saved on local hard drives
  • Make sure Cloud and Hosted data services are being backed up properly

Make sure you have a “Phone a Friend”

  • Know the organisations you could reach out to for help before you need them, and embed them in your emergency planning in a sensible fashion.
  • Key Supplier Contacts
  • Key Partner Organisation Contacts
