From: NIST
“Defense! Defense!” may be the rallying cry from cybersecurity teams working to thwart cybersecurity attacks, but perhaps they should be shouting “Recover! Recover!” instead. Attackers are increasingly racking up points against their targets, so the National Institute of Standards and Technology (NIST) has published the Guide for Cybersecurity Event Recovery (link is external) to help organizations develop a game plan to contain the opponent and get back on the field quickly.
As the number of cybersecurity incidents climbs, and the variety of types of attacks grows, “It’s no longer if you are going to have a cybersecurity event, it is when,” said computer scientist Murugiah Souppaya, one of the guide’s authors.
For example, the number of companies experiencing ransomware events, in which attackers hold an organization’s data hostage until the ransom is paid, have tripled between the first and third quarters of 2016 alone, according to the December 2016 Kaspersky Security Bulletin (link is external).
In addition to the overall rise in incidents, the 2015 Cybersecurity Strategy and Information Plan (link is external) (CSIP), published by the Office of Management and Budget, identified inconsistent cybersecurity response capabilities across the federal government and called for agencies to improve these skills.
The CSIP defines “recover” as developing and implementing plans, processes and procedures to fully restore a system weakened during a cybersecurity event. Recovering may be as simple as restoring data from a backup, but usually it is more involved and the system may be brought back online in stages.
Leave a Reply