The “Recover” function of cybersecurity

This is the last article related to our CyberRisk Control CISO-360 intervention and diagnosis plan. What to do when the worst happens? Despite all the cybersecurity controls and protections in place, your organization may become a victim of a cyberattack on its information systems. Here’s what managers need to know to mitigate this crisis. This final article in the Cybersecurity for Managers series covers the “Recover” function, which enables a quick resumption of activities. Eficio’s CISO-360 Cyber Risk Control diagnostic provides a series of controls that indicate an organization’s ability to recover from a cyberattack.

Pierre Farley
Eficio Partner and CIO

The primary objective of the “Recover” function is to return to normal business operations as soon as possible. This function helps recover and restore data and return business capabilities to working as intended. Whether a recovery plan exists determines an organization’s capacity to return to normal and how quickly it can do so. The “Recover” function is directly linked to the “Identify” function, which helps to establish an order of priority for restoring services. This prioritization is based on the level of impact on the organization.

The following items are essential in the “Recover” function:

• Recovery Planning – Involves prioritizing the return to critical services to enable the IT team to focus on the most important activities. Managers should be stakeholders in prioritizing the order in which services will be restored. In a cyberattack, all players must work together. A plan should include recovery procedures and responders to eliminate improvisation, which can be disastrous, especially in a context where tension is at its peak.

• Improvements – Updating the plan is a recurring task and must follow the evolution of the systems. A reassessment of critical systems and expectations is required regularly. It is essential to record lessons learned during and after a cybersecurity event, which can help update the plan.

• Communication and strategy – The communication plan is essential for an effective return to service and managing internal and external perceptions. This plan coordinates all stakeholders. It is crucial to consider in advance how to manage a ransom demand.

Our series of popularization articles draws on financial controls, as specifically described in our first article in the series, “CyberRisques based on a financial control model.” In a financial context, recovery corresponds to a financial disaster that requires extraordinary means to rectify the situation, such as a recovery plan or protection of financial assets to ensure business continuity. Recovery in a technological context is just as important and drastic because if no action is taken, business continuity will also be at risk.

We often hear news about organizations that have experienced a cyberattack and its impact on their operations, which may last for weeks in some cases. It is conceivable that many of them were unprepared for the recovery function’s activities. Through the execution of our CyberRisk Control CISO-360, we observe that the recovery function is the poor relation of a cybersecurity plan. The priority of the teams responsible for cybersecurity is mainly to increase maturity in the “Protect” and “Detect” functions. Nevertheless, it is essential to start a recovery plan, even a minimal one, to identify stakeholders and agree on recovery prioritization based on the systems’ criticality for the organization.

Our cybersecurity experts are all managers with extensive experience in risk management. They can advise you on the steps to follow to establish your plan effectively. As demonstrated in this cybersecurity series for managers, our CISO-360 CyberRisk Control tool and methodology provide a complete approach with a 360-degree view of your cybersecurity program. You will have a clear picture of your posture and risks and an Eficio expert who will adapt your plan according to your organization’s size to deal with cyber threats effectively.

If you want to react to this article or obtain more information, do not hesitate to contact Eficio.
