Kyndryl is aiming to complement incident response retainers currently available on the market by helping organizations recover from cyber incidents such as ransomware attacks.

“The operational, financial, and reputational impact of cyberattacks continues to increase,” Kris Lovejoy, global security and resilience leader at Kyndryl, wrote in response to questions from SDxCentral. “Organizations need to fend off 100% of constant attacks to remain safe, which is a never-ending battle.”

Lovejoy likened the new Kyndryl Recovery Retainer Service to an insurance policy  — when a cyber incident occurs, the service will be activated with additional proactive services to prepare for recovery.

Kyndryl will provide on-demand experts to assist customers to improve preparedness and deliver support on the ground or remotely for recovery.

“With over 7,500 skilled practitioners deployed around the world, our team at Kyndryl offers a deep history and experience in running recoveries to support geographically distributed environments and local or regional regulatory requirements,” Lovejoy touted.

The service offers a clear remediation process that includes creating a clean environment for restoring, defining recovery steps based on forensics results, redeploying applications and restoring data or clean systems, and hardening and quality controls, she noted. 

Those capabilities complement existing incident response retainers, Kyndryl claims. Because of that, Kyndryl offers the recovery service both as a standalone solution and also as part of its “comprehensive” retainer service with discovery, containment, and forensics for customers who don’t have an incident response retainer service, according to Lovejoy.

To improve cyber resilience, organizations should have a cyber recovery plan to protect their assets after a breach.

“IT and cybersecurity teams are being tasked to demonstrate that cyber resilience does not reside solely on whiteboards anymore,” IDC research VP Craig Robinson said. “Having an actual cyber recovery plan that allows for key capabilities to be brought up in a controlled and rapid manner is a key step in cyber resilience.”

And practice is also important. “A logical progression involves practicing the cyber recovery plan on a regular basis to reduce the elevated stress levels that are inherent in an actual cyber recovery operation, while simultaneously smoothing out the kinks from the inevitable changes to an organization’s digital footprint,” Robinson said.

After the quick recovery actions, organizations should then pivot their focus from protective controls to prevent future losses through reinfections, Lovejoy noted.