Many organizations do not place enough importance on disaster recovery. What would motivate an organization to do so? What might happen to this organization in the event of a real event?
What are the indicators of an incident that may be overlooked until it is too late? How can you as an information security manager work to prevent disaster from happening if these indicators are not seen as a problem?
Will a contingency plan prevent all disasters from happening? If so, how? If not, why not and what can be done about it?
People are only motivated by loss, or the apparent threat of loss. Only by losing money to a cyber-disaster, or witnessing a congruent competitor lose money to a disaster, will most organizations be inspired to prepare for disaster recovery. Whether that includes a hot site or a backup server, the surest way to motivate a CEO to spend money for disaster recovery is to have a single-blind “role play” where someone informs the CEO that 10 years of client data was lost due to improper backups or a freak sprinkler accident.
The presence of uninstalled or unknown programs could be an overlooked indicator of an attack. As viruses look to preserve themselves, many hacking tools, already unfamiliar to the average user, tend to obfuscate themselves by changing the icon or filetype of the interloping file. As system administrators, we should aim to audit all the files of our end users’ workstations, and also have specific backups, ensuring a revision point in case they become compromised.
No contingency plan can ever prevent a disaster, but by creating and continually maintaining a business contingency plan, a system administrator can prevent accidents before they happen, and will be better prepared to mitigate and recover from a disaster, should one strike.
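The workstation file audit described in the answer above, sketched as an added example that is not part of the original post: it records a hash baseline (the "revision point") and later flags unknown, modified or missing files, plus files whose leading bytes are an executable while the extension claims otherwise. The function names `snapshot`, `audit` and `demo`, the short magic-byte list and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading bytes of native executables (illustrative subset, not exhaustive).
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com", ".so", ""}

def snapshot(root):
    """Map each file's relative path to its SHA-256: the revision point."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def audit(root, baseline):
    """Return sorted (path, finding) pairs for deviations from the baseline."""
    root = Path(root)
    findings = []
    current = snapshot(root)
    for rel, digest in current.items():
        if rel not in baseline:
            findings.append((rel, "unknown file"))
        elif baseline[rel] != digest:
            findings.append((rel, "modified since baseline"))
        # Compare what the file is (magic bytes) with what its name claims.
        head = (root / rel).read_bytes()[:4]
        for magic, kind in EXEC_MAGIC.items():
            if head.startswith(magic) and Path(rel).suffix.lower() not in EXEC_EXTENSIONS:
                findings.append((rel, f"{kind} content with non-executable extension"))
    for rel in baseline.keys() - current.keys():
        findings.append((rel, "missing since baseline"))
    return sorted(findings)

def demo():
    """Run the audit over a constructed sample directory in a temp folder."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.docx").write_bytes(b"PK\x03\x04 constructed document")
        (root / "notes.txt").write_bytes(b"meeting notes")
        baseline = snapshot(root)
        # Constructed later changes: a renamed executable and an edited file.
        (root / "holiday.jpg").write_bytes(b"MZ\x90\x00 constructed PE header")
        (root / "notes.txt").write_bytes(b"meeting notes, edited")
        return audit(root, baseline)

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

The baseline is only as trustworthy as where it is stored, so keep it off the workstation being audited.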