Recovering With Resilience

Adam Tyra
recovery and transformation, resilience January 3, 2022

In the digital age, loss of access to business technology has the potential to destroy overnight what a company has spent decades building. Ransomware’s ability to cut off communications, disable systems, and destroy critical corporate data sources makes it particularly diabolical compared to other cyber risks. When a ransomware attack occurs, rapidly recovering core technologies is key to ensuring that there will be a business left to save once systems are back online. For maximum results, a rapid recovery requires some up-front planning.

Determine the ABCDs of your business

The early stages of recovery from a catastrophic ransomware attack are analogous to delivering first aid to a person who has been in a traumatic accident. First aid classes have a helpful mnemonic for prioritizing care for the injured: ABCD. To sustain life, an injured person needs:

  • Airway – an unobstructed path for air to enter the lungs
  • Breathing – it must be occurring
  • Circulation – a heartbeat
  • Dressed wounds – a way to control deadly bleeding

Technology ABCDs are the minimum set of services that must be in operation to keep the business alive. This list may resemble, but is fundamentally different from, the list of information assets that might previously have been identified as “crown jewels” in security planning. While the business might die in months without access to crown jewels, it will likely die in weeks or even days without its ABCDs. The list is subjective, but common ABCDs include email and financial management systems. Companies should identify the technology ABCDs for their business, and the list should then be prioritized according to need.

It’s worth noting that dependency shouldn’t be neglected in the prioritization. The ABCDs of first aid are ordered for a reason – a heartbeat won’t persist for long if an accident victim can’t breathe! Similarly, while a company might consider its accounting systems as most critical, they may not work correctly without email. Thus, email restoration would be prioritized over an objectively more important asset because it’s needed to enable that asset.
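The dependency-aware prioritization described above can be worked out mechanically. The following is an added example, not part of the original article: it orders services by business priority while pulling prerequisites forward. The function name, the ranks, and every service other than email and accounting are assumptions made for illustration.

```python
import heapq

def restore_order(priority, depends_on):
    """Order services for restoration: most critical first, prerequisites earlier.

    priority:   {service: rank}, where a lower rank is more critical
    depends_on: {service: [services it cannot run without]}
    """
    for svc, deps in depends_on.items():
        unknown = ({svc} | set(deps)) - set(priority)
        if unknown:
            raise ValueError(f"no priority assigned to: {sorted(unknown)}")

    # A prerequisite inherits the urgency of the most critical service that
    # needs it, directly or transitively (email inherits accounting's rank).
    effective = dict(priority)
    changed = True
    while changed:
        changed = False
        for svc, deps in depends_on.items():
            for dep in deps:
                if effective[dep] > effective[svc]:
                    effective[dep] = effective[svc]
                    changed = True

    # Kahn's algorithm: a service becomes eligible once everything it needs
    # is restored; among eligible services, restore the most urgent first.
    waiting_on = {s: set(depends_on.get(s, [])) for s in priority}
    ready = [(effective[s], priority[s], s) for s, d in waiting_on.items() if not d]
    heapq.heapify(ready)
    order = []
    while ready:
        _, _, svc = heapq.heappop(ready)
        order.append(svc)
        for other, deps in waiting_on.items():
            if svc in deps:
                deps.remove(svc)
                if not deps:
                    heapq.heappush(ready, (effective[other], priority[other], other))
    if len(order) != len(priority):
        raise ValueError(f"circular dependency among: {sorted(set(priority) - set(order))}")
    return order

# Constructed sample: only email and accounting come from the article.
PRIORITY = {"accounting": 1, "payroll": 2, "email": 3, "identity": 4, "wiki": 5}
DEPENDS_ON = {"accounting": ["email"], "email": ["identity"], "payroll": ["identity"]}

if __name__ == "__main__":
    print(restore_order(PRIORITY, DEPENDS_ON))
```

A plain topological sort would restore payroll before email here because payroll ranks higher on its own; propagating accounting's rank to its prerequisites is what moves email and identity to the front.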

PACE yourself for a more rapid recovery

Once a prioritized recovery is in progress, it helps to have alternatives in place to provide flexibility. The development of a PACE plan can help provide the needed flexibility. PACE plans are a tool often found in communications planning for military operations. In this context, PACE stands for:

P – Primary – the main means of communication

A – Alternate – the secondary means of communication

C – Contingency – a backup means of communication in case the primary and alternate are unavailable

E – Emergency – the fool-proof fallback option for communications when nothing else works; it’s usually expensive, difficult to operate, or has some other drawback that makes it worthwhile only as an emergency choice

While identifying the technology ABCDs will focus a recovery team’s efforts for maximum speed in the wake of a ransomware attack, restoring damaged systems still requires time. Thus, a PACE plan for critical systems can restore services temporarily while the organization performs a more thorough recovery. The outcome of an effective PACE plan can include reducing business interruption costs. Better still, the investment required to enable a PACE plan before an attack might not be much.

Consider the example of email. As an alternative to operating its central email server, an organization with an immediate need to restore email services can have its domain temporarily hosted by a third party while the primary server is recovered. While this won’t provide access to historical emails for employees, it will enable forward communication with customers and key stakeholders to keep the business moving. A contingency option for email might be returning a previously removed end-of-life server that is still in working condition to production. This option might make sense for organizations that have recently migrated email services to the cloud if spare hardware is still on hand.

As we move into 2022, we expect to see more sophisticated threats, making planning an even more critical part of your holistic cybersecurity strategy. Taking these vital steps now will speed recovery times, reduce business disruption, and save costs in the event a ransomware attack hits your business.