In a previous post, we shared insights, advice and predictions from experts and leaders across cyber recovery, technology and financial services - here’s what four more C-level executives have to say about the current and future state of cyber recovery:
Technology CISO and CTO
“There is a need for better education”
In many cases, security teams lack understanding of their technology stack interconnections. Runbooks are valuable in capturing crucial data for recovery - three weeks for recovery is an optimistic estimate.
“Cutover can help in the case of a recovery”
Cyber recovery is the extreme measure but Cutover can assist not just in recovery but also in the response phase, mapping the process to NIST’s framework for a more comprehensive approach. Using automated runbooks for cyber recovery is applicable across various sectors and business sizes outside of financial services but they still need to have specific foundational cyber recovery knowledge to effectively utilize runbooks.
Technology CTO
“Significant growth can lead to challenges in scaling and compliance.”
Legacy systems are particularly vulnerable to ransomware attacks and could lead to your database also being compromised.
“Prioritize essential services.”
Rather than aiming for a complete like-for-like restoration in the event of a breach, you should prioritize essential services to maintain the company’s reputation during cyber attacks. This means not necessarily restoring the full feature set immediately but ensuring customers remain unaffected.
“Have a lightweight backup.”
In case of a ransomware attack, it’s a good idea to have a lightweight version of your platform or service hosted by your cloud provider that allows customers to access essential services while the main site is being recovered. Instead of focusing on complete recovery initially, the emphasis is on ensuring customer data remains accessible.
“There are pros and cons to different solutions.”
Cyber vaults can have issues such as bulkiness, restoration capability, and possible lack of airgapping. Useful tools include ones that provide a service directory overview showing critical services and their deployment processes and automation tools that can swiftly set up environments in the cloud. During a crisis, experienced engineers’ judgement is more valuable than a set playbook but Cutover provides value in guiding the restoration process and providing visibility into the recovery process, bringing this human expertise and automation together.
CISO of a financial services company
“Cyber requires something different than IT disaster recovery.”
Unlike typical IT disaster recovery, cyber recovery often leaves the organization uncertain about the attack's origin, so preserving forensics is vital. Instead of wiping the existing infrastructure, it's recommended to disconnect it to maintain potential evidence, especially considering the risk of insider threats.
“Recovery is standardizing across industries.”
The Bank of England's paper on Important Business Services concerning operational resilience and process downtime is becoming a standard for maturity across industries. While some organizations still focus on 'business continuity', many are transitioning towards models similar to the Bank of England's approach. Cyber recovery and response remain a top priority at the board level across industries.
“Simulating recovery is crucial and Cutover can be instrumental in this context.”
CIO at a major bank
“Cyber recovery needs significant attention.”
This is especially important in ensuring systems' resilience and rapid recovery after outages.
“We’re following Bank of England advice.”
The Bank of England's paper on Operational Resilience, emphasizing quick recovery and outage prevention, guides the bank's approach, which has seen global adoption.
“Determining what to recover is a challenge.”
The process is time-intensive due to the large data sets involved.
“Tooling is crucial.”
I envision Cutover orchestrating and instrumenting the recovery process and can see its utility in both peacetime and wartime. Any tool, including Cutover, must be seamlessly integrated with the security orchestration, automation, and response system for cyber incidents.
Find out how Cutover can help you improve your cyber recovery or request a demo to see the platform in action.