Doron Youngerwood

The CISO’s Guide to Cyber Recovery

  • January 15, 2025

The rapid increase in cyberattacks is putting greater pressure on Cyber Resilience and IT Infrastructure teams to ensure the reliability, integrity, and availability of their systems and data, to withstand and recover from these threats. 

As such, having a robust cyber recovery strategy is no longer optional – it is a critical part of every CISO’s and Head of IT infrastructure’s strategy.

However, with only 21% expressing full confidence in their organization’s cyber resilience strategy – according to a recent research report* – there’s clearly work to be done. It seems that cyber recovery lags behind other cybersecurity initiatives. 

This article explores the world of cyber recovery, emphasizing the critical role of verifying the configuration of IT environments to enable timely restoration of data and the recovery of systems, applications, and services. 

While cybersecurity focuses on preventing threats, cyber recovery deals with minimizing downtime and mitigating the impact of successful attacks. A comprehensive cyber recovery strategy involves planning, testing, and executing recovery actions to ensure business continuity and data integrity. 

This has become critical against the backdrop of a growing number of incidents making news headlines:

UnitedHealth: In February 2024, UnitedHealth Group’s subsidiary, Change Healthcare, experienced a ransomware attack by the ALPHV/BlackCat group, severely disrupting healthcare billing systems nationwide. Recovery was extensive and complex, and it took months for full restoration. In September 2024, UnitedHealth’s Chief Information Security Officer, Steven Martin, revealed that the company had to “start over” with its computer systems, replacing routers, switches, and compute infrastructure to ensure security.

Transport for London (TfL): In September 2024, TfL suffered a cyberattack that disrupted multiple online systems, including payment and customer service platforms. The incident incurred over £30 million in costs, with recovery efforts extending over several months.

SA Health: In December 2024, a significant computer malfunction in the South Australian Health system disrupted crucial medical services, including pathology and medical imaging. Doctors expressed concerns over delays in obtaining vital test results, which jeopardized patient care. Restoration of systems was gradual, with some services taking days to return to normal operations. 

Blue Yonder: In November 2024, supply chain software provider Blue Yonder suffered a ransomware attack that disrupted operations for retailers such as Starbucks, Morrisons, and Sainsbury’s. The attack caused systems to go offline. Recovery involved implementing contingency plans and took several days to restore full functionality. 

34% of IT outages are caused by configuration change issues**

At the heart of any cyber recovery strategy lies the organization’s IT environment. This environment encompasses all hardware, software, networks, and configurations that support business operations. When a cyberattack occurs, the ability to restore data and resume services depends heavily on how well this environment is prepared and maintained. 

Here’s why verifying the configuration of your IT environment is crucial: 

  • Accurate Recovery Points 
    Recovery relies on the availability of reliable backups. Regularly verifying configurations ensures that backups are correctly configured to capture all critical data and applications. Missing or incomplete backups can lead to significant data loss and hinder recovery efforts. 
  • Streamlined Restoration Processes 
    Configuration verification ensures that all components in the IT environment – from servers to databases, storage systems to cloud environments, and high-availability solutions to disaster recovery orchestration tools – are documented and aligned with recovery protocols. This streamlining reduces the time needed to identify issues and facilitates faster restoration. 
  • Compliance and Security 
    Many industries are governed by regulations that mandate secure and verifiable backup processes. Regular checks on IT configurations ensure compliance, helping organizations avoid legal penalties and maintain stakeholder trust. 
  • Resilience Against Emerging Threats 
    Cyber threats evolve rapidly. By routinely verifying and updating IT configurations, organizations can address vulnerabilities, close security gaps, and adapt to new threats effectively. 

To enable efficient and timely recovery, organizations should adopt these five best practices: 

  1. Automated Configuration Management
    Leverage tools that automate the monitoring and management of IT configurations. Automated tools can detect changes, flag misconfigurations, and maintain an up-to-date inventory of all assets.
  2. Regular Testing and Drills
    Conduct periodic recovery drills to simulate cyber incidents. These tests ensure that configurations are optimized for real-world recovery scenarios and help identify weaknesses before an actual attack occurs.

    Make sure you set goals for recovery speed and validate that your data protection systems are configured accordingly. Many organizations lean too much on hope and optimism and, when their systems are put to the test, discover that recovery takes weeks rather than hours. Some vendors can help you assess your recoverability posture and understand how to close the gaps.
  3. Comprehensive Documentation
    Maintain detailed records of system configurations, including version histories, dependencies, and backup schedules. This documentation serves as a roadmap during recovery efforts.
  4. Role-Based Access Control (RBAC)
    Restrict access to configuration settings to minimize the risk of unauthorized changes. RBAC ensures accountability and reduces the likelihood of human error.

    Make sure you harden and secure your recovery environment. Once they get in, attackers are known to exploit weaknesses in storage and backup systems both to steal data and to destroy your backups – preventing or prolonging recovery.
  5. Alignment with Business Objectives
    Ensure that IT configurations align with organizational goals and priorities. Critical systems should receive higher protection and recovery precedence.

Cyber recovery is a vital component of an organization’s cybersecurity, IT infrastructure, and business continuity strategies. By placing emphasis on verifying the configuration of IT environments, organizations can enhance their ability to restore data, recover applications, and maintain continuity in the face of cyberattacks.  

Regular assessments, automation, and alignment with business objectives ensure cyber resilience, helping organizations navigate an increasingly perilous digital landscape with confidence. 

Investing in a solution like RecoverGuard will help you automatically verify the configuration of your ICT environment.

RecoverGuard identifies and inventories all technologies used for data protection, as well as application failover and recovery, aligning them with your business service levels and resilience requirements, while ensuring compliance with relevant regulations. 

*  Cyber Resilience Research commissioned by Cohesity and conducted by Censuswide, Jan 2024 
** IT outages: 2024 costs and containment; Enterprise Management Associates report 
