Security News > 2023 > January > How to start planning for disaster recovery
In the cybersecurity world this is known as disaster recovery planning, crisis management, or backup and recovery policy.
Regardless of the name, it all boils down to pre-incident planning that creates a tested and robust process for the recovery of an IT network and, ultimately, a return to business-as-normal.
An article in the Financial Times recently stated that "Bank of England research in 2020 found that more than 65 per cent of UK-based banks and insurers relied on just four cloud services." If just one of those providers went offline would every UK-based bank have their own backup and recovery plan? The EU doesn't think so and is planning on introducing new regulations that would force banks to factor this into their recovery plans and prove how quickly they could recover from a cyberattack.
None of my most recent examples had any major societal impact, but apply the same situation to a bank, local authority, or look at the recent Irish health service ransomware attack and the situation and lack of recovery planning has real-life ramifications.
There are a million questions that you will need to ask yourself when planning for disaster recovery as this isn't a quick and easy task, and I suspect that is why not many people do it.
Assuming that they are safe and not destroyed by attackers, how long will it take to start the restoration process? If you are cloud-based and running a mixture of virtual systems and cloud apps, how do the two interact? Now you need to talk to your other colleagues: what will legal, HR, PR, even building managers be doing while the IT team and knee-deep in tape backups? This will be the start of your company's disaster recovery plan.
News URL
https://www.helpnetsecurity.com/2023/01/04/start-disaster-recovery-planning/