How well you recover from a cyber attack often hinges on the strength of your backups.
Cleaning a network or system of all traces of malicious code often requires a complete wipe of all storage media and a “clean install.” Therefore, recovery from such a breach may be resource intensive and require careful restoration of data from backups. Remember that backups may also contain malicious code and should be carefully checked for compromise; otherwise, the security breach will be perpetuated after the recovery phase.
To maximise your chances of a swift and complete recovery it is essential to have an appropriate recovery plan in place. Your plan should include:
- Replacing compromised files with clean versions.
- Rebuilding infected systems.
- Removing temporary constraints that were imposed whilst containing the attack.
- Changing passwords on compromised accounts.
- Installing patches, changing passwords and tightening network perimeter security.
- Testing all systems thoroughly – including security controls.
- Confirming the integrity of business systems and controls.
Conducting an external penetration test of the affected systems after recovery will confirm whether the systems are operating normally again.
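As an added example, not from the original article, the following Python script shows one way to act on the warning above that backups may carry malicious code: a hash manifest recorded from a known-good tree before the incident is compared against the restored tree, and any modified, missing or unexpected file is reported before the system is put back into service. The baseline and restored trees are constructed inline for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large backups are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Record the hash of every regular file under root, keyed by relative path.
    In practice this is taken from a known-good system and stored off-line."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restored_root):
    """Compare a restored tree to the manifest and return four lists:
    clean, modified (hash differs), missing (in manifest, not restored)
    and unexpected (restored, but never part of the baseline)."""
    report = {"clean": [], "modified": [], "missing": [], "unexpected": []}
    seen = set()
    for p in sorted(restored_root.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(restored_root))
        seen.add(rel)
        if rel not in manifest:
            report["unexpected"].append(rel)   # file the baseline never had
        elif sha256_file(p) != manifest[rel]:
            report["modified"].append(rel)     # content differs from baseline
        else:
            report["clean"].append(rel)
    report["missing"] = sorted(set(manifest) - seen)
    return report


def demo():
    """Constructed scenario: a baseline tree, then a restore in which one file
    was altered, one file is absent and one file was never in the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "baseline"
        (base / "bin").mkdir(parents=True)
        (base / "bin" / "app").write_bytes(b"original binary")
        (base / "config.ini").write_text("mode=prod\n")
        manifest = build_manifest(base)

        restored = Path(tmp) / "restored"
        (restored / "bin").mkdir(parents=True)
        (restored / "bin" / "app").write_bytes(b"original binary, altered")
        (restored / "bin" / "helper.sh").write_text("#!/bin/sh\n")
        return verify_restore(manifest, restored)
```

Any entry in the modified, missing or unexpected lists is a reason to hold the system back from production until it has been explained.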