The National Cyber Security Centre (NCSC) has published the basic guide “Recovery from a Cyber Incident” online. In the document, the NCSC explains the importance of recovery, how to organise it, and what measures can be taken to effectively recover from cyber incidents.
Four steps
The ability to recover from cyber incidents is a prerequisite for digital resilience. But recovery involves more than just backups. Knowing what to protect, the resources you need for this, and how to carry out and practice your recovery is essential. So, it is good to prepare in four steps.
Step 1: Know what to protect
It is impossible to fully protect your organisation against every form of outage or threat. It is therefore wise to identify potential threats and their effects on your organisation early on. Conduct a Business Impact Analysis (BIA). The Business Impact Analysis can be downloaded from the website of the Information Security Service (IBD).
Step 2: Develop a recovery plan
With the insights from the BIA, you have the tools to build a recovery plan. A recovery plan is a document containing guidelines that describe how to quickly resume work after a cyber incident. The recovery plan is essentially the playbook used during a cyber incident to recover effectively and quickly. It describes, among other things, roles and responsibilities, scenarios, and a backup strategy.
Step 3: Practice, test and train the recovery
Once you have everything on paper, it is important to practice and test the plans. Practice ensures that the people who carry out the recovery also learn how to act effectively as a team. Practice can take various forms. Think of a tabletop exercise with live recovery, or participation in the Government-wide Cyber Exercise.
Step 4: Learn from the incident
Cyber incidents are instructive. Once the dust has settled, the incident has been sorted out, and the business processes can continue, it is time to consider what lessons can be learned.
The entire basic guide ‘Recovery from a Cyber Incident’ (in Dutch) can be consulted on the NCSC website.