How can you ensure your organization's data is recoverable after a cyber attack?

I absolutely agree with identification and classification of all data assets based on sensitivity and criticality to the organisation. In addition, there's need to have an incident response team and plan in place alongside a working DRP. Effective backup systems must be implemented and constantly tested to guarantee the integrity of the backup. That said, incident response team will establish the actual time of the incident to determine which restore point or backup is safe for the business.

Look at identity and access management. This will give you known data locations. Then look at CASB reports to understand Shadow data locations. All SAAS services are easy to sign up for these data, ask yourself do you know where data is going first? Even mapping job roles to systems & IAM required can be helpful in identifying those grey systems, and most importantly the value of the data held. Only then can you actually map and classify data. Chances are, this will only need to happen on some core systems and other platforms can be consolidated or blocked! One less place to back up !

3 policies that should be included are: 1. Check your backup logs daily 2. Do not rely on a log entry that indicates that the backup was successful; include doing a test restore at least once a month 3. Depending on your industry requirements, Keep the following tapes locally, year end, 12 month ends, 4 week ends and 5 dailies. Rotate as needed

Uma politica que adoto é sempre ter um ambiente "Offline" ... este ambiente é "Plugado" a cada 7 dias nas maquinas de gerenciamento de backups e realiza um backup dos backups ... esta é uma forma de redundancia caso o pior aconteça.

Do you backup SAAS services ? Most will take no liability for lost data. Check your supply chain t&c! Policy’s are great, however dependent on company size, monthly or quarterly procedures should be written from the day your platform or service goes live.

Establish your legal operating baseline. Then technically understand how you adhere to this. Chances are the tooling or methodology used, can then add multiple layers if different standards & frameworks. Remember above regulation & law, any further framework or standard should generate an ROI against implementation & cost of ownership.

One of your policies should be that all company data resides on a server, not a user's computer. *Keeps all of the latest versions all in one place *In case of a laptop being stolen/lost *Employee steeling data

Personally I believe educating staff on how to protect themselves personally and consequence of not doing so, will improve business far greater than a click thru slide show. Free password manager’s, tips & tricks, security keys or mfa can really grab attention and protect the most important asset, Identity. A user protecting their own identity will protect their work identity also, directly protecting the business.

While self-patching is important, a cloud-based DR plan offloads much of the responsibility for routine patching and maintenance to the cloud provider. You are still responsible for the efficacy of the overall plan, but with the shared responsibility model with your cloud provider, you lighten your administrative load and gain the multi-availability zone and multi-region footprint of a cloud-based DR plan. On top of that, you’ll likely save money in the process.