Recovery is the process of returning operations to normal after an incident. Recovery efforts are determined by:

  • the response or remediation of the incident
  • how prepared the organization was for an incident in the first place

If an incident is not handled properly, it could turn into a crisis. Recovery from a cybersecurity incident is critical to an organization. Recovery can determine whether an organization will survive an incident.

The recovery point objective (RPO) is the maximum time that can pass during an incident before the quantity of data lost surpasses the allowable level.

The recovery time objective (RTO) is the amount of time available to recover from an incident before the organization begins to face dire consequences due to the disruption of service.

An organization should have a recovery plan in place before an incident and should take steps to be resilient to an attack. There should be an incident response plan (IRP), a disaster recovery plan (DRP), and a business continuity plan (BCP). Organizations should also develop incident containment plans in order to make recovery from incidents easier and less expensive.

An organization should identify its most critical applications, define personnel roles during a disaster, and designate an incident response team. It should also have network and hardware configuration documents, and should preplan where and how the recovery plan will be initiated. A business impact assessment (BIA) should be conducted prior to the DRP. All plans must be practiced, tested, reviewed, and periodically updated, especially after determining the lessons learned from incidents.

After recovery, there should be an analysis of the incident, including a review of the causes and the handling of the incident/crisis. Such an analysis helps to rectify issues so that the organization is better prepared. Expedient recovery is critical for an organization to increase its cybersecurity resilience. Since perfect protection from cybersecurity attacks is often elusive, recovery and resilience have gained increased importance in modern organizations.