The cybercrime industry looms as a constant threat to businesses and individuals. Experts estimate that cybercrime costs will reach $10.5 trillion annually by 2025. Now, it's rarely a case of "if" you experience a cyberattack. Instead, it's a matter of "when."
Cyberattacks can range from inconvenient to devastating. Unfortunately, it's too late to fight back once you realize you're under attack. So what can you do to minimize damage and financial loss while getting your business back online?
Creating a cyber recovery plan before a crisis is your best strategy for cyberattack recovery.
For over 25 years, WEBIT Services has built effective cybersecurity procedures and recovery plans for hundreds of clients.
By reading this article, you will learn the goal of a cyber recovery plan, the three pieces each cyber recovery plan needs, and the next steps to take in your plan creation.
What is a cyber recovery plan?
A cyber recovery plan is a kind of IT incident response plan that focuses on getting your business back online after a cyberattack. It answers the question, "What do we do if security, data, or systems are compromised due to a cyberattack? How do we respond and repair the damage?"
A cyber recovery plan may address concerns like:
- "What do we do if there's a ransomware attack?"
- "What do we do if a cyberattack puts us offline?"
- "Do we have data sectioned off securely to prevent cybercriminals from accessing the entire system?"
- "What systems do we have in place to prevent and address attacks?"
- "How do I get a clean data source once I find out I've been hacked?"
Answering these questions will help you prepare for potential cyberattacks. Then, if you are attacked, the plan is ready with emergency contacts, procedures, and backups to help get you back in business as quickly as possible.
The plan must be created before a crisis strikes. Otherwise, you will not have the data and tools to recover quickly.
For example, your cyber recovery plan should address backups and IT continuity. If you do not have these systems in place before an attack, you will not have a way to restore lost data.
3 critical pieces of your cyber recovery plan
1. Establish emergency contacts
You will need to know who to call during an attack and what support they can provide. Typically, this will include your insurance provider, your lawyer, and your IT provider or internal IT team.
If you do not establish these contacts and their services beforehand, they may be unable to support you in a cyberattack crisis.
For instance, you must confirm that you have cyber insurance through your insurance provider. You cannot assume that you are enrolled in this service before an attack. Once you are in crisis, it will be too late to request a safety net from your provider.
Talk to your insurance provider and IT provider if you do not have cyber insurance or have questions about the service.
Your IT provider or internal IT team can also review the IT systems and processes in place to protect your data in a cyberattack. In addition, they will be on the front lines to help restore business functionality during an attack.
However, their impact and the time it takes to recover depend greatly on preparations made before the attack.
Having your emergency contacts and services verified and ready minimizes stress and guarantees a level of support during and after a cyberattack.
2. Identify mission-critical systems
Before establishing backups, you must identify mission-critical IT applications, hardware, processes, and data. Mission-critical IT systems allow your business to accomplish its daily goals, and your company would incur losses without this technology.
For example, suppose a tech helpdesk's payroll software goes down and will take 24 hours to restore. For this business, 24 hours of downtime for that program is acceptable. It may be important software overall, but productivity does not halt while it is down.
However, this company uses an online ticketing system to track and address customer requests daily. If the ticketing system fails, it halts productivity. As a result, the company will be unable to communicate with customers and, therefore, unable to bring in profit.
In our example, the ticketing software is a critical IT system. Therefore, it will need a continuity plan to minimize downtime and avoid significant losses.
Identifying these systems helps you avoid overcomplication and overspending on unnecessary backup and continuity solutions. In addition, knowing the systems that affect your daily success helps narrow down the backups you need in a crisis.
3. Establish recovery time and recovery point objectives
Your recovery time and recovery point objectives will determine how quickly your business can be back online and how much data can be restored. These must be established with your IT provider or team as part of your cyber recovery plan.
If these are not established, you may not have sufficient backups and continuity to restore your systems before damaging losses occur.
Recovery Time Objectives
Now that you've identified your mission-critical systems, you must ask yourself, "How much downtime can I afford?"
If your business is down for a week, would it survive? Are you comfortable being down for a week while your system is restored?
Or would it be detrimental to your business if you were offline for more than 8 hours?
Your answers determine your recovery time objective (RTO). In effect, an RTO states, "My business needs to be online within this timeframe, or the losses will be too great to recover from."
Your RTO must be realistically based on your backup and continuity systems and the data you need restored.
For instance, it's impossible to be back online 30 seconds after a cyberattack, particularly if you do not have IT continuity set up. However, you could be back online in four hours or less with the proper continuity and backup systems.
Recovery Point Objectives
While RTO focuses on the time it takes to come back online, your recovery point objective (RPO) determines how frequently you back up your data. Essentially, you must ask yourself how much data you can afford to lose or recreate in a crisis. Your answer will help determine how frequently you create system backups.
Can all of your data be easily recreated? How far back are you comfortable or able to recreate data that might be lost?
For example, suppose a company can recreate data from a week ago. In that case, their backups would be set to save weekly. In a crisis, they could restore their system from the last save point (a week ago) and, from there, recreate the missing data.
On the other hand, a different company may have data that cannot be recreated (for example, patient X-rays). This company may choose to have backups saved every hour.
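The three pieces above (mission-critical systems, RTO, RPO) can be checked against the backup schedule you actually run. The following is an added example, not WEBIT's tooling: it takes a constructed inventory modelled on the helpdesk scenario in this article (payroll, ticketing, imaging) and flags where a backup interval or restore time cannot meet the stated objective, or where a mission-critical system has no objective at all.

```python
from dataclasses import dataclass
from datetime import timedelta
from typing import Optional


@dataclass
class SystemPlan:
    """One line of a cyber recovery plan (hypothetical record layout)."""
    name: str
    mission_critical: bool
    rto: Optional[timedelta]        # longest tolerable outage
    rpo: Optional[timedelta]        # oldest tolerable restore point
    backup_interval: timedelta      # how often a restore point is created
    restore_duration: timedelta     # measured time to rebuild from the last backup


def worst_case_data_loss(plan: SystemPlan) -> timedelta:
    """An attack just before the next scheduled backup loses a full interval of work."""
    return plan.backup_interval


def worst_case_downtime(plan: SystemPlan) -> timedelta:
    """Time offline is bounded below by how long the restore itself takes."""
    return plan.restore_duration


def check_plan(plan: SystemPlan) -> list[str]:
    """Return the gaps between the objectives and what the backups can deliver."""
    findings = []
    if plan.mission_critical and (plan.rto is None or plan.rpo is None):
        findings.append(f"{plan.name}: mission-critical but RTO/RPO not established")
        return findings
    if plan.rpo is not None and worst_case_data_loss(plan) > plan.rpo:
        findings.append(f"{plan.name}: backups every {plan.backup_interval} cannot meet RPO {plan.rpo}")
    if plan.rto is not None and worst_case_downtime(plan) > plan.rto:
        findings.append(f"{plan.name}: restore takes {plan.restore_duration}, exceeds RTO {plan.rto}")
    return findings


def review_inventory(plans: list[SystemPlan]) -> list[str]:
    return [finding for plan in plans for finding in check_plan(plan)]


# Constructed sample inventory; names and values are illustrative only.
INVENTORY = [
    SystemPlan("payroll", False, timedelta(hours=24), timedelta(days=1), timedelta(days=1), timedelta(hours=24)),
    SystemPlan("ticketing", True, timedelta(hours=4), timedelta(hours=1), timedelta(days=1), timedelta(hours=2)),
    SystemPlan("imaging", True, None, None, timedelta(hours=1), timedelta(hours=6)),
]

if __name__ == "__main__":
    for finding in review_inventory(INVENTORY):
        print(finding)
```

Running it reports that the ticketing system's daily backups cannot meet its one-hour RPO and that the imaging system has no objectives defined, while payroll passes because its 24-hour restore equals, but does not exceed, its RTO.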
Next steps for creating your cyber recovery plan
Some malware can sit in stealth mode for seven months. In that time, it learns your network, where data is stored, and the most important systems to shut down for maximum damage. By the time you realize you're under attack, the damage is already done.
To prevent additional downtime, damage, and financial loss, you must have a cyber recovery plan. Your preparation before the attack directly influences your ability to recover from a cyberattack.
To create your plan, you'll need to:
- Establish emergency contacts
- Identify mission-critical systems
- Establish RTO and RPO
Once you have this information, your IT provider or team will help you craft a final plan. This plan should be revisited and, if necessary, updated annually. If you have a recovery plan already but haven't discussed it in the last year, speak with your IT provider to ensure it still meets your needs.
WEBIT Services has been performing risk assessments, creating incident response plans, and enacting IT strategies for satisfied clients for over 25 years.
If you're looking for a new IT provider, book a free 30-minute assessment to see how WEBIT Services can help.
If you're not ready to make a commitment but would like to learn more about cyber threats and IT strategies like disaster recovery, we recommend the following articles: