Recovery Strategy
Have a recovery strategy in place before you discover that your infrastructure is breached: you should already know what to do when you are compromised by an attack. Back up your data and make sure the backups cannot be reached by an attacker who wants to wipe them out. An off-site (air-gapped) copy, or a read-only copy on any media, is highly recommended to survive any attack.
Furthermore, you must be aware that in case of a breach it is very likely that your assets will be seized by government entities for analysis and forensics, and they will not be available for recovery. You should rely on dedicated recovery hardware in addition to keeping off-site copies.
It’s also very likely that your internet connection will be shut down to kick intruders out and/or to prevent data leaks. Therefore, you might need an alternate way to reach your off-site backups.
Preparation is key. You must have tested your recovery, keeping in mind that you will have to restart from nothing but backup files and a blank infrastructure.
- Get the task force ready
- Know your assets, so you can prioritize recovery. The first perimeter is the surrounding environment (phones, mail, domain controllers, DNS, and so on); your core applications must then be restarted immediately after
- Make extensive use of testing automation tools, such as Veeam SureBackup or Disaster Recovery Orchestrator
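The restore drill described above, rebuilding into an empty directory from nothing but a backup archive and verifying it against a hash manifest kept on separate read-only media, as an added illustration that is not part of the original page or of any product named in it. The file paths, contents and manifest layout are constructed for the example.

```python
"""Restore drill: rebuild from nothing but a backup archive plus a manifest of
hashes kept on separate read-only / off-site media, then verify the result.
All paths and file contents below are constructed for the example."""
import hashlib, io, tarfile, tempfile
from pathlib import Path

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_backup(files: dict) -> tuple:
    """Tar up `files` ({path: bytes}); return the archive and a manifest holding
    the archive hash and per-file hashes (the copy that goes on read-only media)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    archive = buf.getvalue()
    return archive, {"archive": sha256(archive),
                     "files": {p: sha256(d) for p, d in files.items()}}

def restore_drill(archive: bytes, manifest: dict) -> dict:
    """Restore into an empty directory (the blank infrastructure) and check every
    file against the manifest. 'ok' is False if anything is altered or missing."""
    report = {"archive_ok": sha256(archive) == manifest["archive"],
              "bad_files": [], "ok": False}
    with tempfile.TemporaryDirectory() as target:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
            for m in tar.getmembers():
                # Refuse entries that would land outside the restore directory.
                if m.name.startswith("/") or ".." in m.name.split("/"):
                    report["bad_files"].append(m.name)
                elif m.isfile():
                    dest = Path(target, m.name)
                    dest.parent.mkdir(parents=True, exist_ok=True)
                    dest.write_bytes(tar.extractfile(m).read())
        for path, expected in manifest["files"].items():
            full = Path(target, path)
            if not full.is_file() or sha256(full.read_bytes()) != expected:
                report["bad_files"].append(path)
    report["ok"] = report["archive_ok"] and not report["bad_files"]
    return report

if __name__ == "__main__":
    backup, manifest = make_backup({"etc/hosts": b"127.0.0.1 localhost\n",
                                    "srv/app/config.ini": b"[db]\nhost=db1\n"})
    print(restore_drill(backup, manifest))
```

A drill that only checks the archive hash would miss a manifest kept on the same compromised storage; keeping the manifest on the read-only copy is what makes the file-level comparison meaningful.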