{"id":359,"date":"2021-03-26T08:57:16","date_gmt":"2021-03-26T08:57:16","guid":{"rendered":"https:\/\/www.itminister.co.uk\/blog\/?p=359"},"modified":"2021-03-26T08:57:16","modified_gmt":"2021-03-26T08:57:16","slug":"response-and-recovery-from-a-major-cyber-attack","status":"publish","type":"post","link":"https:\/\/www.itminister.co.uk\/blog\/response-and-recovery-from-a-major-cyber-attack\/","title":{"rendered":"Response and Recovery from a Major Cyber-Attack"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\"><strong>Key Learning Points<\/strong><\/h1>\n\n\n\n<p>Chief Exec and Leadership Team Buy-in and Active Support are Crucial<\/p>\n\n\n\n<p><strong>Be Prepared:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Make sure your Cyber Defence Investment is Appropriate AND Sufficient<\/li><li>Make sure you have plans for a total IT loss scenario<\/li><li>Do not default to assuming IT is Safe \u2013 Ask and Verify.<\/li><\/ul>\n\n\n\n<p><strong>Data and System Security is the Responsibility of All Staff<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Everyone has a Stake in Data and Systems Being Safe and Secure<\/li><li>Don\u2019t forget your Service Partners and Suppliers<\/li><\/ul>\n\n\n\n<p><strong>Make time to manage your storage<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Every file has a recovery cost<\/li><\/ul>\n\n\n\n<p><strong>Make Your Cyber-Security Protocols Clear<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Train Members and Staff regularly<\/li><li>Agree the rules and stick to them<\/li><\/ul>\n\n\n\n<p><strong>Know Your IT Assets, Organisational Configuration and Reliance<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Consistency aids recovery<\/li><li>Ensure all key systems and data have Business Owners <ul><li>What data do they use, where does it come from, how does it flow, who else uses it<\/li><\/ul><\/li><li>Make Sure Key Data is in Verified Backup and 
In-Depth<\/li><\/ul>\n\n\n\n<p><strong>Governance, Oversight and Verification of IT in the Enterprise<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>IT informs business decisions \u2013 it does not make them. Business staff do not make IT decisions without appropriate IT input and advice<\/li><li>Do Not Underestimate How Long Recovery Will Take and the Lasting Impact on All Involved<\/li><\/ul>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Key Advice<\/strong><\/h1>\n\n\n\n<p><strong>Take Cyber Defences Seriously and Be Prepared<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Well maintained and configured Firewalls and Supporting Network Devices<\/li><li>Ensure all points of ingress and egress are covered<\/li><li>Forced Regular vulnerability patching across the entire estate.<\/li><li>Force patch at least once per week, and push key security vulnerability patches out the same day when required, but only after testing the patch on our lab kit.<\/li><\/ul>\n\n\n\n<p><strong>Defence in Depth<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Make sure you are not vulnerable to a single point of failure<\/li><li>Zone and Segment the network to control the network traffic flows<\/li><\/ul>\n\n\n\n<p><strong>Backup in Depth<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Follow an appropriate regime for the data<\/li><li>Back up at least once per day, with transaction log backups inter-day where appropriate.<\/li><li>Do not rely on a single-location backup.<\/li><li>Ensure users are not saving files to any location that is not being backed up<\/li><li>Files should not be saved on local hard drives<\/li><li>Make sure Cloud and Hosted data services are being backed up properly<\/li><\/ul>\n\n\n\n<p><strong>Make sure you have a \u201cPhone a Friend\u201d<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Know the organisations you could reach out to for help before you need them and embed them in your emergency planning in a sensible fashion.<\/li><li>Key Supplier 
Contacts<\/li><li>Key Partner Organisation Contacts<\/li><\/ul>\n\n\n\n<p><a href=\"https:\/\/www.ukauthority.com\/media\/8707\/david-cowan.pdf\" data-type=\"URL\" data-id=\"https:\/\/www.ukauthority.com\/media\/8707\/david-cowan.pdf\">Read More here<\/a><\/p>\n\n\n\n<p>iTM covers all aspects of cybersecurity from Home cyber security managed solutions to automated, managed threat intelligence, forensic investigations, Cloud security best practice and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. <a rel=\"noreferrer noopener\" href=\"https:\/\/www.itminister.co.uk\/contact.html\" target=\"_blank\">Contact Us<\/a> for more information.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Key Learning Points Chief Exec and Leadership Team Buy-in and Active Support are Crucial Be Prepared: Make sure your Cyber Defence Investment is Appropriate AND Sufficient Make sure you have plans for a total IT loss scenario Do not default to assuming IT is Safe \u2013 Ask and Verify. 
Data and System Security is the Responsibility &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.itminister.co.uk\/blog\/response-and-recovery-from-a-major-cyber-attack\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Response and Recovery from a Major Cyber-Attack&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","beyondwords_generate_audio":"","beyondwords_integration_method":"","beyondwords_project_id":"","beyondwords_content_id":"","beyondwords_preview_token":"","beyondwords_player_content":"","beyondwords_player_style":"","beyondwords_language_code":"","beyondwords_language_id":"","beyondwords_title_voice_id":"","beyondwords_body_voice_id":"","beyondwords_summary_voice_id":"","beyondwords_error_message":"","beyondwords_disabled":"","beyondwords_delete_content":"","beyondwords_podcast_id":"","beyondwords_hash":"","publish_post_to_speechkit":"","speechkit_hash":"","speechkit_generate_audio":"","speechkit_project_id":"","speechkit_podcast_id":"","speechkit_error_message":"","speechkit_disabled":"","speechkit_access_key":"","speechkit_error":"","speechkit_info":"","speechkit_response":"","speechkit_retries":"","speechkit_status":"","speechkit_updated_at":"","_speechkit_link":"","_speechkit_text":""},"categories":[17,18,23,9],"tags":[],"class_list":["post-359","post","type-post","status-publish","format-standard","hentry","category-cyber-risk","category-cyber-security-best-practice","category-cyber-security-research","category-training"],"_links":{"self":[{"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/posts\/359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\
/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=359"}],"version-history":[{"count":2,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/posts\/359\/revisions"}],"predecessor-version":[{"id":361,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/posts\/359\/revisions\/361"}],"wp:attachment":[{"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itminister.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}