Cyber-attacks have not only increased and become more diverse, they have also become more disruptive and damaging. New kinds of security-related events occur frequently. The NIST (National Institute of Standards and Technology) has therefore issued the Guide for Cybersecurity Event Recovery to help companies build a game plan to neutralize the opponents and quickly get back on the field.
As the number of cybersecurity events rises and the variety of attacks increases, the question is not whether a cybersecurity event will occur but when, as stated by computer scientist Murugiah Souppaya, one of the authors of the guide.
In addition to the general increase in events, the CSIP (Cybersecurity Strategy and Information Plan), published in 2015 by the Office of Management and Budget, recognized an inconsistent NIST incident response framework throughout the federal government and asked agencies to improve these skills.
As defined by the CSIP, “recover” means building and executing plans, procedures, and processes to fully restore a system degraded during a cyber-attack. Recovery can be as simple as restoring data from a backup, but it is typically more complex, and the system may be brought back online in stages.
Recovery is a crucial part of the risk management process. No federal guidelines, policies or standards have yet focused specifically on recovering from a cyber-attack, and before the new report no publication had discussed recovery approaches in one place.
NIST computer scientists prepared the Guide to consolidate current NIST recovery guidance, such as that on contingency planning and incident handling. It also offers a process that every company, federal or otherwise, can use to form its own comprehensive recovery plan and be prepared when a cyber-attack takes place.
The publication offers strategic and tactical guidance for building, testing and improving recovery plans, and urges companies to create a specific playbook for each potential cyber-attack. The guide offers examples of playbooks to deal with ransomware and data breaches.
Souppaya says that, to be successful, each company should develop its own playbooks and plans well in advance, then run the plays in tabletop exercises, work through them to understand the team’s level of preparation, and repeat.
Companies can also turn to other resources, such as CyberBit, which provides advanced endpoint detection, industrial network protection, SOC automation, and cyber security training and simulation.