Recovery
We heard a lot to have frequent backup as mitigation measure to recover system from attack, most likely from ransomware.
While periodic backup is important, the hard part is when do we know if the recovered system still carried the malicious codes that threat actor has planted? That said, the backup has already included the persistent threat.
This is complex and situation specific. Some thoughts can be considered:
Have digital forensic expert to examine the infected system, understand the attack path and the trigger for malicious codes, revalidate these behaviors after complete system recovery before back to businessSegregate contents from codes; so that a clean system can be built. The challenges are the configuration and data connector; whether persistent threat is stored as data (usually in external supplied content like readers' comment)
There is no bullet proof solution but to maintain a hygiene information processing environment in reducing the likelihood:
Adopt SecDevOps to address weakness during development and subsequent operationsConduct periodic holistic cybersecurity assessment...