Wednesday, March 28, 2018

Data breach: How do you recover?

NIST issues guide for quick recovery and ensuring post-breach integrity
PARCA eNews – March 19, 2018 – Preventing a cybersecurity breach is the goal of all IT security officers, but with the number, range and frequency of attacks, at some point a breach may occur. What you do when that happens and, more importantly, how quickly and completely you can recover can be critical to your organization’s ongoing operations, particularly in healthcare.

Patients sometimes can’t wait for an X-ray, CT or other imaging scan while the IT department conducts a thorough investigation of a ransomware attack and takes whatever steps are needed to recover the ransomed data.

To address the issue of restoring data integrity and breach recovery, the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) collaborated with several technology companies to develop a practice guideline.
The goals of this NIST Cybersecurity Practice Guide are to help organizations confidently: 
  • Restore data to its last known good configuration 
  • Identify the correct backup version (free of malicious code and data for data restoration) 
  • Identify altered data as well as the date and time of alteration 
  • Determine the identity/identities of those who alter data 
  • Identify other events that coincide with data alteration 
  • Determine any impact of the data alterations 
The resulting three-volume practice guide was published in September 2017. It covers all forms of data integrity attacks, from hacking, malware, ransomware and malicious insider activity to even honest mistakes, and the measures needed to recover quickly, safely and accurately.

The executive summary outlines the challenge to organizations for quick recovery from an integrity attack that ensures that recovered data is accurate, complete and free of malware. The guide includes solutions needed to integrate multiple systems working in concert to recover from the event along with recommendations for auditing, investigating and reporting events.

The guidelines are intended for organizations of all sizes to help develop strategies to minimize damage and speed recovery from data breaches.

The document is a collaboration of the two government agencies along with corporate participants including GreenTec, HP, IBM, Tripwire, MITRE Corp. and Veeam. The goal is to help organizations prepare for the worst-case scenarios and develop effective plans for recovery from a cybersecurity breach.

The NCCoE at NIST built a laboratory environment to explore methods to effectively recover from a data corruption event in various Information Technology (IT) enterprise environments. NCCoE also implemented auditing and reporting of IT system use to support incident recovery and investigations.

The guide covers two types of risk assessment: an analysis of the risk factors facing financial, retail and hospitality institutions, and an analysis of the components within the solution and the vulnerabilities they might introduce. It also addresses architecture and technologies, provides example implementations, security characteristics, functional evaluation and future build considerations.

A copy of the draft guidelines is available on the NCCoE and NIST website.

Comments on the draft are welcome.
