Cyber-attacks are continuously rising in every industry, adding to the long list of challenges that CISOs already face. Their wide-ranging concerns often boil down to one primary objective: managing the risk.
One of the critical aspects of mitigating the risk of a cyber-attack is how the organization responds and how quickly it can recover. It is not a question of whether a cyber-attack will hit, but when it will strike. At the same time, the ability to recover quickly from a cyber-attack can dramatically reduce the collateral damage the organization will suffer. Some of the devastating effects of cyber-attacks include financial losses, reputational damage, time and resources spent cooperating with government agencies, and endangerment of public safety.
While preventing cyber-attacks is the primary objective for any CISO, attempting to stop a state-sponsored threat is nearly futile. In such cases, CISOs should prepare the organization for a speedy recovery. The goal of recovery should not be solely to resume business operations but to restore the business to a secure state, as close as possible to the pre-incident state.
Here are a few aspects organizations should keep in mind when creating a security strategy:
Speed is critical to recover from attacks
It is crucial to close off all the avenues that threat actors could exploit and to restore vital systems at unprecedented speed.
Standard immutable backups may not be the solution
There is a compelling case for immutable backups, as they offer the highest level of protection from attackers who seek to infect or destroy backups. The issue, however, is that while creating standard immutable backups, organizations may inadvertently retain malware that is already present in the system.
As per industry experts, the average dwell time for ransomware is over three weeks. So there is a high probability that an immutable backup taken during that window has preserved the malware along with the data. Restoring such a backup under extreme circumstances then risks unleashing the exact malware that the organization is trying to eradicate.
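The dwell-time problem above has a direct consequence for restore-point selection: any backup taken inside the assumed dwell window is suspect and must be scanned before use, and the newest backup that predates that window is the one to restore from. The following is an added illustration, not code from the article; the catalogue, the detection time, the 21-day dwell figure (rounded from the "over three weeks" cited above) and the 3-day safety margin are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Backup:
    """One restore point in the backup catalogue."""
    name: str
    taken_at: datetime
    immutable: bool


# Constructed sample catalogue of weekly immutable snapshots (not real backups).
SAMPLE_CATALOGUE = [
    Backup("weekly-2024-02-18", datetime(2024, 2, 18, 2, 0), True),
    Backup("weekly-2024-02-25", datetime(2024, 2, 25, 2, 0), True),
    Backup("weekly-2024-03-03", datetime(2024, 3, 3, 2, 0), True),
    Backup("weekly-2024-03-10", datetime(2024, 3, 10, 2, 0), True),
    Backup("weekly-2024-03-17", datetime(2024, 3, 17, 2, 0), True),
    Backup("weekly-2024-03-24", datetime(2024, 3, 24, 2, 0), True),
]

# Constructed time at which the incident was detected (assumption for the example).
SAMPLE_DETECTED_AT = datetime(2024, 3, 25, 10, 0)


def presumed_clean_cutoff(detected_at: datetime, dwell_days: int, margin_days: int) -> datetime:
    """Latest timestamp a backup may carry and still be presumed to predate the intrusion.

    dwell_days is the assumed dwell time; margin_days is an extra buffer because
    dwell-time estimates are imprecise and a too-recent backup is the costly mistake.
    """
    return detected_at - timedelta(days=dwell_days + margin_days)


def triage_backups(catalogue: List[Backup], detected_at: datetime,
                   dwell_days: int = 21, margin_days: int = 3) -> Tuple[List[Backup], List[Backup]]:
    """Split the catalogue into presumed-clean and suspect restore points.

    Returns (clean, suspect), each sorted newest first. Suspect backups fall inside
    the dwell window and may already contain the attacker's tooling, so they must
    be scanned (or only selectively restored) rather than restored blindly.
    """
    cutoff = presumed_clean_cutoff(detected_at, dwell_days, margin_days)
    ordered = sorted(catalogue, key=lambda b: b.taken_at, reverse=True)
    clean = [b for b in ordered if b.taken_at <= cutoff]
    suspect = [b for b in ordered if b.taken_at > cutoff]
    return clean, suspect


def choose_restore_point(catalogue: List[Backup], detected_at: datetime,
                         dwell_days: int = 21, margin_days: int = 3) -> Optional[Backup]:
    """Pick the newest presumed-clean immutable backup (least data loss).

    Returns None when nothing predates the dwell window: then no backup can be
    trusted and the recovery plan must fall back to a rebuild from known-good media.
    """
    clean, _ = triage_backups(catalogue, detected_at, dwell_days, margin_days)
    for backup in clean:
        if backup.immutable:
            return backup
    return None


if __name__ == "__main__":
    clean, suspect = triage_backups(SAMPLE_CATALOGUE, SAMPLE_DETECTED_AT)
    print("cutoff:", presumed_clean_cutoff(SAMPLE_DETECTED_AT, 21, 3))
    print("presumed clean:", [b.name for b in clean])
    print("suspect, scan before use:", [b.name for b in suspect])
    print("restore from:", choose_restore_point(SAMPLE_CATALOGUE, SAMPLE_DETECTED_AT))
```

The margin is deliberately added on top of the dwell estimate; the cost of restoring one week further back is some lost data, while the cost of restoring a backup that already carries the intruder's persistence is a second incident.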
Recovery test runs are vital to a fast recovery
CISOs who only begin to learn how to restore their directory services while an attack is in progress often end up with disaster and, sometimes, significant collateral damage. Hence, CISOs should know in advance how to effectively restore their directory services. They should provide their teams with the infrastructure and support needed for a stress-tested Active Directory (AD) recovery plan, which gives everyone peace of mind. Therefore, CISOs should regularly test the organization's AD recovery.
Conduct post-attack forensics
CISOs who do not conduct rigorous post-breach forensics of their organizations are likely to be attacked again with the same strategy that threat actors used the first time. To stave off successive attacks, CISOs should have a comprehensive understanding of why and how they were attacked in the first place. Their post-breach forensics analysis should provide them with a timeline of malicious changes to the infrastructure. This will enable them to isolate compromised accounts and subsequently prevent future attacks.
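To make the "timeline of malicious changes" concrete, the following added example (not code from the article) builds one from a directory audit export, then derives the set of accounts to isolate. The CSV layout, the action names (user_create, group_add, gpo_modify, acl_change, scheduled_task_create) and the confirmed compromise time are constructed assumptions standing in for whatever a real SIEM or domain controller audit log provides.

```python
import csv
from datetime import datetime
from io import StringIO
from typing import Dict, List, Optional

# Constructed sample audit export (not real logs): one row per event.
SAMPLE_AUDIT = """\
timestamp,actor,action,target
2024-03-01T08:00:00,alice,logon_success,WS-ALICE
2024-03-02T03:14:00,svc_backup,logon_success,DC01
2024-03-02T03:16:00,svc_backup,user_create,tmp_admin
2024-03-02T03:17:00,svc_backup,group_add,Domain Admins:tmp_admin
2024-03-05T22:40:00,tmp_admin,gpo_modify,Default Domain Policy
2024-03-06T09:00:00,bob,logon_success,WS-BOB
2024-03-20T01:05:00,tmp_admin,scheduled_task_create,DC01:UpdateChecker
"""

# Constructed: the first confirmed malicious logon found by the investigation.
SAMPLE_COMPROMISE_START = datetime(2024, 3, 2, 3, 0)

# Event types that change the infrastructure rather than merely use it (assumed names).
CHANGE_ACTIONS = {"user_create", "group_add", "gpo_modify", "acl_change", "scheduled_task_create"}
# Change types whose target is itself an account that gained access.
GRANT_ACTIONS = {"user_create", "group_add"}


def parse_audit(text: str) -> List[Dict]:
    """Parse the CSV export into dicts with a real datetime in the timestamp field."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        rows.append(row)
    return rows


def build_change_timeline(records: List[Dict], compromise_start: datetime) -> List[Dict]:
    """Chronological list of infrastructure changes made at or after the compromise time.

    Plain logons are left out; only events that altered accounts, groups, policy,
    ACLs or persistence mechanisms belong on the remediation timeline.
    """
    changes = [r for r in records
               if r["timestamp"] >= compromise_start and r["action"] in CHANGE_ACTIONS]
    return sorted(changes, key=lambda r: r["timestamp"])


def earliest_malicious_change(timeline: List[Dict]) -> Optional[datetime]:
    """Timestamp of the first malicious change, which also bounds any trustworthy backup."""
    return timeline[0]["timestamp"] if timeline else None


def accounts_to_isolate(timeline: List[Dict]) -> List[str]:
    """Accounts that made malicious changes, plus accounts those changes granted access to.

    For group_add the target is written as "Group:member"; the member is the account.
    """
    accounts = set()
    for r in timeline:
        accounts.add(r["actor"])
        if r["action"] in GRANT_ACTIONS:
            accounts.add(r["target"].split(":")[-1])
    return sorted(accounts)


if __name__ == "__main__":
    timeline = build_change_timeline(parse_audit(SAMPLE_AUDIT), SAMPLE_COMPROMISE_START)
    for r in timeline:
        print(r["timestamp"].isoformat(), r["actor"], r["action"], r["target"])
    print("first malicious change:", earliest_malicious_change(timeline))
    print("isolate:", accounts_to_isolate(timeline))
```

Two things the timeline yields beyond the list itself: the earliest malicious change gives a hard upper bound on which backups can be trusted, and following each change to the account it created or elevated catches accounts (here the constructed tmp_admin) that never appear as an actor in the initial indicators.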