As the use of and dependence upon technology grows, network attacks have become more sophisticated. Indeed, perimeter defenses like firewalls and antivirus, no matter how layered, offer little protection against savvy cyber criminals intent on breaching network security. For most companies, an attack has become an inevitability that must be anticipated. Building an effective disaster recovery (DR) strategy is necessary for operating securely in today’s connected marketplace.
An effective DR solution includes comprehensive risk management policies and incident response practices designed to mitigate the severity of an attack. By examining some common incident response failures, companies can better orchestrate their DR policies and meet the security challenges of tomorrow.
Poor Network Visibility
Without a clear understanding of the current IT environment, it’s impossible to adequately prepare a DR plan. The most important aspect of security involves knowing exactly what traffic is moving through the business network, where it originated, and which hardware it contacts. Without complete visibility, there’s no way to respond to possible threats.
Many DR plans call for the immediate isolation of an affected machine. However, unless the business is able to clearly identify lateral movement within the network, isolating that one machine may not be enough, and a data breach could still follow.
In order to proactively prevent an attack from escalating, companies must deploy web proxies and advanced firewalls that are designed to log, collect, analyze, and store interactions. Essentially, these technologies create an audit trail that can be utilized to address the threat and provide long-term actionable information.
Companies need a dedicated IT staff of experienced, competent personnel who can interpret and identify the information generated by these technologies. The advantage of employing IT professionals who understand the specific business network intimately is significant. Disaster response personnel should be able to communicate appropriate incident responses with each business department while keeping their attention solely dedicated to DR.
In many cases, an underfunded DR plan isn’t the result of a lack of available funding; it’s due to a lack of communication. DR personnel must be able to express their needs in a way that is relevant to the business’s success and profitability, stressing statistics on the repercussions of a massive data breach (including both tangible and intangible consequences).
A business should develop standard IT security reports that can be delivered to various department managers and executives. These reports should include areas that are satisfactory as well as those that represent serious gaps in security that need to be addressed.
Comprehensive Risk Assessment
Any DR plan should address critical aspects first. The best way to ascertain specific business risks is to generate a comprehensive risk assessment and then use it to orchestrate explicit incident response levels. Companies should tailor responder access in relation to the risk management assessment so that key personnel have the ability to make infrastructure alterations without having to wait for authorization.
Companies can improve their DR performance by examining previous incident responses and equipping their internal IT support with the tools required to mitigate threats. Moreover, conducting a complete incident investigation in the wake of a disaster often helps illuminate gaps and provides key intelligence for future responses.