As ransomware attacks exponentially explode across the threat landscape, organizations are having to confront woeful inadequacies in recovery plans and preparation. Many are incorporating strategies like zero-trust and adopting technologies that integrate privacy and security into the designs. Even with all the latest tools and techniques in place, it can be near impossible to make informed business decisions under the stressful circumstances of a cyberattack.
With the explosion in ransomware, the recovery portion of response efforts is typically seen as the most critical workstream that receives attention from an organization’s executive team. The recovery phase is an organization’s opportunity to attempt to control the attack and limit its damage and impact. A recovery plan might include the steps necessary to restore affected systems from backups, rebuilding a secure baseline, replacing compromised files, and changing passwords.
Of course, recovery can be complex and organizations need the right information and plan in place to make the most informed business decisions possible. There are a few common misconceptions that organizations have about the recovery process, which need to be addressed to help recovery efforts run as smoothly as possible.
The Undoing of Efficient Recovery
There are many reasons that recovery efforts can go poorly, as it’s a challenging process with many competing priorities. A few common trends that hinder recovery efforts include:
Unrealistic expectations. Setting unrealistic expectations around recovery time, efforts, and projections can result in ineffective decision making. Further, it complicates communication among internal and external parties, which can bottleneck the recovery process.
Undefined roles and responsibilities. Without clearly defined expectations for each person or team involved in the recovery process, organizations can be hindered by having too many cooks in the kitchen who are all competing or duplicating efforts.
Untapped experts. Without engaging IT support or a technical advisor, organizations slow down recovery efforts. Leveraging experts can guide an organization through the recovery process by helping to identify common pitfalls before mistakes elongate the recovery timeline.
Unwillingness to change. No environment will be the same after an incident as it was before. Changes will be made throughout the recovery process to enable the restoration of services, but organizations must also learn where they can improve and streamline these processes for a more efficient recovery in the future.
In recognizing these common challenges, organizations can establish a sound recovery process by focusing on the best practices that have been successfully battle-tested to help recovery run smoothly.
Clarity Is Crucial
While there are many factors that contribute to a smooth recovery process, clear communication and clearly defined roles are perhaps the most critical components.
An efficient recovery begins with a defined disaster response plan that identifies clear roles and responsibilities of all team members involved, including workstreams and workstream owners. This plan should also include clear communication channels and escalation paths across all service providers assisting in the response process. It should also act as a single source of truth with a priority list of servers and applications to recover and a defined recovery process to follow, as well as clear metrics to track progress, identify bottlenecks, and guide decisions.
Above all else, communicating clearly and having defined roles, workstreams, and guidelines are absolutely critical to ensuring success both during and long after the recovery process. Recovery can be complicated, but with the right planning, clear communication, and expert guidance, organizations can better prepare for an efficient and effective recovery process in the event of an incident.
Jeff Chan is Senior Director at technical advisory firm MOXFIVE.