Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

This year has been the ultimate test of business resilience, and if anything is now clear, it's this: It's time for security pros to rewrite their playbooks in preparation for a more dangerous wave of attacks.

Pam Baker, Contributing Writer

November 3, 2020

7 Min Read
Dark Reading logo in a gray background | Dark Reading

(Image: Michael Traitov via Adobe Stock)

(Image: Michael Traitov via Adobe Stock)

Cybersecurity threats and disaster recovery planning are not new business concepts. Neither is the need to change the game plan to keep up with current events. Certainly, recent ransomware attacks have driven those points home with a multimillion-dollar sledgehammer.

"Businesses in 2020 have seen an incredible amount of disruption, from dealing with a global pandemic response, to accelerated digital transformation efforts, more advanced business intelligence initiatives, and IoT proliferation," says Jason Albuquerque, CSO and CIO at Carousel Industries, an IT and managed services firm. "Now couple this with an intense level of geo-political, natural disasters, and social unrest, and you now have the makings of an apocalypse movie script or Nostradamus prediction."  

Suffice to say, there's a good chance your security plans are in need of some level of overhaul.

"If the pandemic has proven anything, it is that security professionals need a new playbook," says Peter Margaris, head of product marketing at Skybox Security. "This requires a mind-set shift from the traditional detect-and-response approach to a proactive offense."

Resilience should also be the goal, adds Bindu Sundaresan, director at AT&T Cybersecurity – "meaning rewritten to not just focus on textbook attack scenarios such as DDoS, ransomware, phishing, cloud misconfiguration attack, and human error, but to also focus on achieving cyber resilience against multilayered attacks, which involves several threat vectors in cohesion."  

How do you start with such a major rewrite in your organization? Here are some tips from security pros on the front line.

(Image: ipopba via Adobe Stock)

(Image: ipopba via Adobe Stock)

Make a Hard Shift From Response Plans to Resilience Plans

Rapid responses to threats alone are not enough. To survive and thrive against today’s unending and multilayered threats, companies must become far more resilient to the blows that are inevitably coming.

"Organizations cannot stop every threat or disruption, but building, reviewing, and continuously testing comprehensive response plans coupled with recovery plans can exponentially reduce risk and exposure," Carousel's Albuquerque says. "The greatest successes against modern-day cyberattacks include collaboration across all business units, comprehensive recovery planning, and methodical scenario testing."

(Image: Antonio Rodriguez via Adobe Stock)

(Image: Antonio Rodriguez via Adobe Stock)

Change Response Plans From ‘On Deck' to 'Remote Spread'

Company workforces are scattered to the four winds in response to the pandemic, and with that a centralized place for all to gather quickly to fight off a new attack no longer exists for most organizations.

"In the past, when an incident occurred it was 'all hands on deck,' with all personnel being on-site," says Keith Mularski, managing director in cybersecurity at international consultancy EY and formerly Cyber Unit Chief at the FBI. "However, in today's environment, you must be able to communicate remotely and respond effectively. This often presents challenges because people usually aren't prepared to respond this way, and comprehensive remote response is not included in most trainings or playbooks."

(Image: via Adobe Stock)

(Image: via Adobe Stock)

Consolidate Tools

Complexity favors the attackers – and few things are more complex than defensive tools.

"Siloed and disconnected tools and platforms have created extremely complex environments that limit context, stifle productivity, and limit the ability to rapidly detect and respond," Carousel's Albuquerque says. "Consolidated technologies reduce the overhead and complexity and, in turn, promote efficiency, increase response times, and provide increased visibility and the much-needed context that modern-day resilience plans require."

(Image: Molnia via Adobe Stock)

(Image: Molnia via Adobe Stock)

Revamp and Recast Testing

Traditional testing needs a remake not only to ensure an organization is truly resilient, but to also break through security training complacency.

"The purpose of testing out the playbooks is to improve the maturity of a cybersecurity program by identifying lessons learned from the simulation exercises," AT&T Cybersecurity's Sundaresa says. "In this new environment, no one can treat cybersecurity as a responsibility that stops with a core [incident response] team. Resilient organizations must ensure every person understands and contributes to a culture of situational awareness, active response, and continuous improvement."

(Image: onephoto via Adobe Stock)

(Image: onephoto via Adobe Stock)

Plan on Complications and Longer Recovery Times

With threats larger, harder, and meaner, the bounce back is going to take a while longer and considerably more effort.

"Organizations may need to adjust their RTO [recovery time objective] expectations, understanding that recovery may take longer," says Will Bass, VP, cybersecurity services at data center and hybrid IT provider Flexential. "Alternatives must also be in place in case employees cannot travel to recovery sites or a user's house to recover a compromised system."

(Image: tadamichi via Adobe Stock)

(Image: tadamichi via Adobe Stock)

Implement Context-Aware Change Management

Change is constant, and it can also break stuff, so prepare to prevent that from happening or at least be able mend on the fly.

"The 'new normal' requires more agility than ever before," Skybox Security's Margaris says. "To ensure security policy changes are adequately analyzed and properly deployed without introducing new risks, organizations need context-aware change management that coalesces the decision-making process across enterprise security and network teams."

(Image: nakedcm via Adobe Stock)

(Image: nakedcm via Adobe Stock)

Expand Tabletop Exercises

Bad actors put your entire workforce in play on the battlefield. Why are you limiting response efforts to a chosen few when those same workers can help fight back, too? Expand the plan and expand your forces.

"Conduct tabletop exercises with members of the security operations center, but also with C-level personnel, internal and outside counsel, and communications or media personnel," EY's Mularski advises.

(Image: iQoncept via Adobe Stock)

(Image: iQoncept via Adobe Stock)

Practice to Make the New, Normal

It's not the "new normal" you need to adopt – it's making a quick and integrated response to the next novel threat a normal thing.

"In addition to new planning, I have increased the drills and widened our scope to cover the increased threats and the potential frequency of them," says Drew Daniels, CIO and CISO of Druva, a SaaS data protection and management company. "No one in the age of technology has really ever faced a situation like this before, and given the combination of a remote company and a remote security team, the only real way to prepare for a situation like this is through regular practice."

(Image: nakedcm via Adobe Stock)

(Image: nakedcm via Adobe Stock)

Don't Let Your Guard Down

While all of the preceding suggestions are practical tips in a decidedly impractical time, there is plenty ahead that will require even more adaptations and many on the fly.

"As threat attack surfaces and potential entry points increase … and the disarray of data privacy and security regulatory compliance is marred with clumsy oversight and intervention, the landscape will be continue to be a biblical-times-level of chaotic," says Johanna Baum, CEO and founder of S3 Consulting, a niche consulting company focusing on IAM, eGRC, and security professional services. "But experts are more outspoken now than ever before. The repeat warnings are louder and more committed, and the ability for organizations to deprioritize security initiatives is less palatable for the executive board."

About the Author

Pam Baker

Contributing Writer

A prolific writer and analyst, Pam Baker's published work appears in many leading publications. She's also the author of several books, the most recent of which is "Data Divination: Big Data Strategies." Baker is also a popular speaker at technology conferences and a member of the National Press Club, Society of Professional Journalists, and the Internet Press Guild.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights