Disaster Recovery Journal Winter 2024
Additional research, conducted via search engine and AI, didn’t uncover noticeably different statistics from those presented above.

Cybersecurity Awareness Month 2024 Goal: Jump-Start Your Company’s IR Program

The current threat environment doesn’t give us the luxury of operating without an updated incident response (IR) program in place. Where do you start? In the remainder of this blog, I’ll share best practices for jump-starting an IR program of your own.

Understand That Documented IR Plans Are a ‘Must-Have’

This recommendation might sound obvious, but if you don’t have a formalized incident response plan in place, you need to create one. If you do have a plan in place but it hasn’t been updated in the past six months, you need to take immediate action to update it. Give your company a CSAM protection gift, by downloading an incident response plan template and tailoring the template to create a plan that’s based on your company’s specialized requirements.

Involve Your Executive & Corporate Communications Teams

This is where many companies struggle with incident response. These days, social media and collaboration platforms like Microsoft Teams and Slack drive organizational communication, and negative social media buzz can have a devastating impact on your company’s brand name and/or financial picture. Make sure there’s a plan for executive management to comment on a timely basis when a potential breach occurs, as necessary. Even more importantly, provide your customers, employees and business partners with recovery updates on a routine basis. In other words, you don’t want customer complaints or negative buzz on social media platforms to drive how your company’s response is measured, which is likely to impact customers’ willingness to do business with you in the future.

Practice Your Response Before Incidents Occur

Company executives practice for major presentations and prepare extensively for key meetings, but amazingly many organizations don’t practice their incident response plans before an incident occurs. An effective incident response plan requires the use of tabletop exercises, where key stakeholders review their roles in response to future incidents, usually moderated by a facilitator or project sponsor. During the exercises, communications strategy, technological planning and recovery priorities are discussed, agreed upon and fine-tuned. Remember to involve all major organizational functions in your tabletop exercises, since effective response extends well beyond your IT team.

Imagine Life in a Non-Digital World

Most of us take data access for granted. Imagine not having convenient access to traditional data repositories and communications platforms that you use on a daily basis. That’s what you’ll experience when you’re hit by a major cyber-incident. You should maintain a manual listing of key phone numbers and colleagues’ contact information. Ideally, key stakeholders should have colleagues’ contact information saved on their business mobile phones. Isolate important recovery documentation like network diagrams and critical information that will be required in the event of a catastrophic data breach or cyber-incident in a secure data enclave. The enclave should be locked down and restricted to need-to-know company contacts.

Examine Your Data Backup & Recovery Policies

These days, many organizations are exploring snapshot recovery from potential ransomware attacks, insider threat situations and even recovery from users’ errors. Snapshot recovery allows bulk deleted or encrypted data to be restored from a specific timeframe, typically via a web-based user interface (UI). Essentially, you can recreate your data environment from snapshots that are created on a routine basis, permitting you to recover quickly and maintain business productivity. For example, if you believe a ransomware attack occurred on Sunday at 4 a.m., then you can restore your data environment to how the environment appeared at 2 a.m. on Sunday, just before the successful attack.

In addition to automated snapshot recovery solutions, many data security professionals recommend that you follow a 3-2-1 data backup strategy. That approach entails keeping three copies of data, utilizing two different storage types and keeping one copy of your data off-site, in order to recover more rapidly.

Reduce Your Company’s Cyberattack Surface

One of the simplest and least expensive ways to simplify incident response is by making cyber-attacks more challenging for attackers in the first place. This is accomplished by knowing what data you manage and where it’s located. You should also make sure the proper organizational contacts have access to the data on a “business need to know” basis. In addition, proactively tackling content sprawl is one of the most effective ways to reduce your overall attack surface and increase users’ productivity.
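
As an added illustration of the backup and recovery section above (not part of the original article), the following Python check audits a backup inventory against the 3-2-1 rule and picks the latest snapshot taken before a suspected attack time. The dataset names, media labels and two-hour snapshot schedule are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample inventory: names, media labels and times are illustrative.
COPIES = {
    "finance-share": [
        {"media": "nas", "offsite": False},
        {"media": "nas", "offsite": False},
        {"media": "object-storage", "offsite": True},
    ],
    "hr-share": [
        {"media": "nas", "offsite": False},
        {"media": "nas", "offsite": False},
    ],
}
# Snapshots every two hours on Sunday, 6 October 2024 (constructed schedule).
SNAPSHOTS = [datetime(2024, 10, 6, hour) for hour in (0, 2, 4, 6)]


def audit_321(copies):
    """Return the 3-2-1 gaps for one dataset; an empty list means compliant."""
    gaps = []
    if len(copies) < 3:
        gaps.append(f"only {len(copies)} copies, need 3")
    if len({c["media"] for c in copies}) < 2:
        gaps.append("fewer than 2 storage types")
    if not any(c["offsite"] for c in copies):
        gaps.append("no off-site copy")
    return gaps


def pick_restore_point(snapshots, suspected_attack, margin=timedelta(0)):
    """Latest snapshot strictly before (suspected_attack - margin), else None.

    A snapshot taken at or after the suspected time may already hold
    encrypted data, so it is never selected. `margin` widens the gap when
    the attack time is only an estimate.
    """
    cutoff = suspected_attack - margin
    clean = [s for s in snapshots if s < cutoff]
    return max(clean) if clean else None


if __name__ == "__main__":
    for name, copies in COPIES.items():
        print(name, audit_321(copies) or "3-2-1 compliant")
    attack = datetime(2024, 10, 6, 4)  # "Sunday at 4 a.m." from the article
    print("restore to:", pick_restore_point(SNAPSHOTS, attack))
```

A `None` result means no retained snapshot predates the suspected compromise, which is the situation the off-site copy exists for.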
Neil K. Jones is the director of cybersecurity evangelism at Egnyte. With more than 15 years of industry experience, Jones is a proven cybersecurity thought leader who offers subject matter expertise on a broad range of topics, including data security, risk management, incident response, and CMMC 2.0. He’s been an active Certified Information Systems Security Professional (CISSP) since 2008.