Mexcorp

Something big is coming. The Era has begun.
visit
www.mexcorp.ct.ws today and get started

Unlike any other power. AI is been used for good and bad. And it's growing past it boundaries.

The Failure of AI In the Modern Age A hypothetical event where AI fails in the future can have many different interpretations and outcomes. Even though AI has made great stride...

How to Recover from a Cyber Attack

Cyber attacks are like earthquakes. There is the immediate shockwave when an incident occurs, as you hurry to identify the source of the breach, plug the vulnerability and fulfil your immediate regulatory requirements.

Then come the secondary waves that produce new problems. For example, how have essential operations been affected, and what are you doing to protect and restore your reputation?

Organizations often overlook the damage that these lingering problems cause, and the consequences can be far more expensive than they bargained for. According to one report, organizations could spend £3.6 million or more recovering from a security incident – and without appropriate processes in place, that figure could be much higher.
It’s why experts recommend a layered approach to cyber security that accounts for the steps organizations must take after an incident has occurred in addition to measures designed to prevent breaches.

The framework is known as defense in depth, and it contains five interrelated stages. Even if one of these defensive layers is breached, the next works to further contain the damage.

We’ve been looking at each stage on our blog, explaining what it encompasses, how it fits into an organization's overall approach to cyber security and the controls that can be implemented to establish it.

Having previously discussed the first four stages – detection, protection, management and response – we now turn our attention to the final layer of defense in depth: recovery in the next chapter.

What is threat recovery?

When all other lines of defense fail, you need to ensure your organization can survive.

More often than not, you will be able to restore enough critical services to be able to continue functioning, but it can take months to fully return to business as usual. In the meantime, you need a plan for how you will manage, plus you need appropriate resources to implement those plans.

For a start, you need business continuity and disaster recovery plans. Business continuity is about ensuring that your organization continues to operate in the event of disruption. It’s a way of temporarily addressing a problem until you’re able to address the underlying issue.

For example, say your office is flooded. A business continuity plan would outline how to secure your important assets and how to ensure staff can continue to work.

Meanwhile, disaster recovery is the process of resolving the disruption. At its most basic level, it involves identifying the source of the incident and finding a way to fix it.

The plans are usually very technical and focus on specific deadlines that must be met to prevent catastrophic damage. It will include things such as RTOs (recovery time objectives), which are estimates of how long it will take for a product, service or activity to become available following an incident.

Comprehensive documentation ensures that the organization is prepared for whatever happens, but implementing these plans can be expensive. This is where cyber insurance helps.

Policies provide organizations' with the means to implement incident response measures, such as forensic investigation, legal assistance and public relations support.

These activities aren’t typically included in standard business insurance policies, which usually only cover costs related to technical issues, such as corrupted hard drives and lost devices.