The purpose and challenge of recovery is to mitigate the range of harmful impacts that may result from a successful compromise of critical assets.
Because of this possibility, the best approach is to be prepared with a well-conceived recovery plan, supported by a suitably skilled response capability. Many organizations fail in this regard because their business, security, and IT operations groups are separated; these teams must work together to ensure the highest, most effective degree of recovery capability. It is therefore advisable to maintain a “crisis committee” that sets priorities and engages in desktop and other exercises to test the organization’s ability to recover from different attack scenarios.
The exact capabilities required by organizations may differ, and may need to be reinforced with external expertise. In general, though, the capabilities required should cover IT operations, investigations, affected business units, legal counsel, and communications.
Maintaining customer confidence immediately following a breach through clear and timely messaging is also extremely important in protecting brands, as well as mitigating the direct impact on customers.