Disaster Recovery Journal Spring 2025
Spring 2025 • Volume 38, Number 1
INSIDE ...
• Key Data Center Trends Shaping Business Continuity in 2025
• Smart Spending on IT DR: Using BIA to Minimize Risk and Costs
• Integrating Business Continuity and Cybersecurity
• Emergency Notification Directory 2025
Disaster Recovery Journal
1862 Old Lemay Ferry, Arnold, MO 63010
(636) 282-5800; Fax: (636) 282-5802
Internet: www.drj.com
E-mail: drj@drj.com

EXECUTIVE PUBLISHER Bob Arnold bob@drj.com
EDITOR IN CHIEF Jon Seals jon@drj.com
PRESIDENT Bob Arnold bob@drj.com
DIRECTOR OF EVENTS Lesley Vinyard lesley@drj.com
REGISTRATION MANAGER Rose Chotrow rose@drj.com
SENIOR WEB DESIGNER Amy Faulkner amy@drj.com
EVENT MARKETING Sonal Patel sonal@drj.com

EXECUTIVE COUNCIL
Dan Bailey, Jeff Dato, John Jackson, Peter Laz, Margaret Millett, Ann Pickren, Steve Piggott, Tracey Rice, Randy Till, Damian Walch, Belinda Wilson

EDITORIAL ADVISORY BOARD
Erick Anez, Robbie Atabaigi, Rich Cocchiara, Renuka Darbha, David Halford, Ray Holloman, Colleen Huber, Cary Jasgur, Lisa Jones, Melanie Lucht, Melissa Muñiz, Melissa Owings, Bogdana Sardak, Nicole Scott, Paul Striedl, Joy Weddington

ASIA
Business Continuity Planning Asia Pte Ltd (BCP Asia)
Henry Ee
1 Commonwealth Lane #08-27, One Commonwealth, Singapore 149544
Phone: (65) 6325 2080; Fax: (65) 6223 5363
General: enquiry@bcpasia.com
Events: conference@bcpasia.com
Direct: henry@bcpasia.com
www.bcpasia.com

UNITED ARAB EMIRATES
Continuity and Resilience, A Division of CORE MANAGEMENT CONSULTING
Dhiraj Lal, Executive Director
P. O. Box 127557, Abu Dhabi, United Arab Emirates
+971 2 8152831 | +971 2 8152888
dhiraj@continuityandresilience.com
www.continuityandresilience.com

SOUTH AMERICA
DRJ en Espanol
Ruth Rocha, Commercial Director
+ (51) 1 436 6456 (landline, Peru)
+ 1 (786) 600 1864 (USA)
ruth.rocha@drjenespanol.com
www.drjenespanol.com

TABLE OF CONTENTS
COVER: The State of Business Resilience 2025, by AMY DEMARTINE
• Key Data Center Trends Shaping Business Continuity in 2025, by DAN RAPP
• Smart Spending on IT DR: Using BIA to Minimize Risk and Costs, by GREG VIRGIN
• The Rise of Anomaly Detection in Cybersecurity Defense, by JEROME WENDT
• Integrating Business Continuity and Cybersecurity, by KATIE BRENNEMAN
• Beyond RTO and RPO: Introducing the Recovery Operability Objective, by VELLA GARRETT & GREG CHRISTIAN
• How AI is Transforming Business Continuity and Information Security in Finance, by ALDO SORALUZ
• Emergency Notification Directory 2025
DISASTER RECOVERY JOURNAL is copyrighted 1987-2025, by Systems Support, Inc., all rights reserved. DISASTER RECOVERY JOURNAL is a registered trademark of Systems Support, Inc. Reproduction in whole or part is prohibited without expressed written permission. Articles submitted by readers do not represent the views or opinions of DISASTER RECOVERY JOURNAL and are published for their informational content only.
DISASTER RECOVERY JOURNAL | SPRING 2025 5
FROM THE PRESIDENT’S DESK
The Practical Use of AI for Business Resiliency – Opportunities and Risks

A few years back, everyone wanted to talk about blockchain, and now AI has become the most discussed technology. Just look at this issue of DRJ; AI is included in nearly every article. While AI tools are widely used, many—including myself—are still trying to grasp the full extent of their impact. AI is much more than chatbots or automation; it has the potential to reshape how businesses operate, particularly in business resiliency planning.

AI is already playing a significant role in predicting disruptions before they happen. By analyzing large amounts of data, AI can provide early warnings about supply chain issues, severe weather, or cyber threats. This kind of insight allows organizations to take action to reduce these risks rather than simply reacting to crises as they unfold.

Beyond predictions, AI is transforming how businesses respond to disruptions. Automated response plans powered by AI can instantly take action, whether isolating a compromised system during a cyberattack or rerouting shipments when a supply chain issue arises. These real-time actions help reduce downtime and keep critical operations running. Plus, it can automate communication to key stakeholders during a crisis.

But as some organizations integrate AI into their resiliency strategies, they must also be aware of the risks. One of the biggest concerns is data security and ownership. AI systems require enormous amounts of data to function effectively, and businesses need to be sure of where that data is stored and who has access to it. Many third-party AI tools collect and process data in ways that may not be fully transparent, raising questions about compliance and intellectual property.

Another challenge is the reliability of AI-driven decision-making. AI can quickly process information faster than humans, but it is imperfect. Are you old enough to remember the acronym GIGO (garbage in, garbage out)? AI models can produce errors, and when they are trained on biased or incomplete data, they can lead to bad decisions. Without proper guidelines or review processes, businesses could find themselves making critical decisions based on incorrect data.

Regulations around AI are exploding around us almost as quickly as adoption. Laws surrounding AI use are still being developed, and companies need to stay ahead of shifting regulations. What is considered acceptable AI usage today may face new restrictions tomorrow, making it essential for businesses to remain flexible and adaptable.

I have no doubt that AI will continue to influence business resiliency planning, but organizations must find the right balance between its strengths and risks. If you want to use AI as a resiliency tool, start small by improving existing processes rather than fully automating decisions. Human oversight ensures AI supports, not replaces, expert judgment. Also, make sure that whatever tool you use keeps your data—especially sensitive internal data—secure.

AI has the power to revolutionize our world, including business resiliency, by enabling faster responses, improving risk prediction, and enhancing overall resilience. But with that power comes responsibility. Companies must use AI thoughtfully, keeping security, ethics, and regulatory challenges in mind. Those who strike the right balance will find themselves better prepared for future disruptions while maintaining control over their data, decisions, and operations.

BOB ARNOLD, MBCI Hon.
PRESIDENT
bob@drj.com
The State of Business Resilience 2025 By AMY DEMARTINE
Since the introduction of ISO 22301 in 2012, best practices for business continuity have remained largely unchanged. However, global operational resilience mandates have introduced new expectations, raising the bar for overall resilience. This report helps resilience professionals benchmark their programs, build a business case for improvements, and understand how resilience expectations are evolving.

Compliance Mandates Drive the Transformation of Resilience

Forrester has partnered with the Disaster Recovery Journal to field annual market studies on various topics related to business continuity and disaster recovery to gather data for company comparisons and benchmarking and to publish best practices and recommendations. This year’s study focused on resilience. With the number of worldwide operational resilience mandates already in force or coming into force soon, programs will need to move from plan-based loss scenarios tested to be severe to plausible scenarios tested and backed with detailed IT maps of critical/important services. It is the aspiration many BC programs always had but never materialized due to lack of funding, organizational support, or business priority. Consider the following:

• Compliance forces action. Since ISO 22301 was introduced in 2012 as a standard for business continuity management systems, few other standards for resilience have emerged with the same levels of adoption. Recently, a spate of worldwide mandates for operational resilience has emerged, such as the EU Digital Operational Resilience Act (DORA), Bank of England Prudential Regulation Authority Statement of Policy on Operational Resilience (PRA Op Res), and Australian Prudential Regulation Authority’s Prudential Standard CPS 230: Operational Risk Management (APRA Op Res). These are either already in effect or will be shortly. Today, these mandates are only required for financial institutions, but adoption is growing as other industries recognize and adopt the best practices to maintain the operation of IT in support of critical/important services (see Figure 1).

• Organizations target operational resilience or business resilience goals. We separated the objectives of resilience programs into business continuity, operational resilience, and business resilience. BC programs focus primarily on creating, maintaining, and testing BC plans in preparation for an incident. Operational resilience programs focus primarily on efforts to ensure critical/important digital services (including those provided by third parties) are maintained throughout an incident. Business resilience programs focus on the planning and preparation undertaken by an organization to ensure critical/important business functions can continue during and after an incident, including all digital and nondigital processes, such as workarounds for processes, employees, and manufacturing considerations. Today, 46% of respondents primarily work in business continuity, but an inspiring 22% work in an operational resilience program, and another 32% work in a business resilience program.

• Transformation will take time. Even 24 months out, organizations are still planning to achieve operational resilience compliance. For example, only 3% of respondents claim APRA Op Res compliance today, but an additional 4% desire compliance in 24 months. The 50 respondents who either are compliant or want to comply within this two-year time horizon will have complied with an average of just over two operational resilience mandates.
Organizations Will Morph Depending on Program Goals

Resilience is a multidisciplinary program whether the goals are business continuity, operational resilience, or business resilience. However, the goals of the program have direct effects on the organization.

Reporting To the COO Is an Emerging Best Practice

Some mandates, like APRA Op Res, require programs to report to the COO or a similar role. For respondents who primarily work in operational resilience programs, this holds true: 24% said programs report to the COO. Those with programs that report elsewhere, such as the CISO (21%) or CIO (10%), will need to reorganize to match these mandates. Respondents who primarily work in a BC program and those who primarily work in business resilience are most likely to report to the CISO (22%). But that’s the only commonality for these programs. After the CISO, those who primarily work in business resilience report into “other” (17%) or the COO (14%), while those who primarily work in BC report to the COO (16%), CRO (16%), and CEO (14%). Across all programs, the prominence of programs that report to the COO indicates an emerging best practice. The COO knows how the business runs, can support a shared practice with common tools, and can remain objective and independent of the lines of business (which have a personal stake in the prioritization of services).

Most Programs Lean Toward Centralization

Resilience programs must understand what is worth protecting. For operational resilience, the mandates have dictated any customer-facing service is important/critical. However, an organization must first decide what these services are. Some organizations will decide based on a formal business impact analysis. Others will negotiate with the lines of business or executives to decide on the list annually. In any case, this process depends on centralized efforts. This is why 41% of respondents said their teams have some centralized, dedicated members – with others decentralized throughout business functions or departments (see Figure 2). This type of federated organization balances the need for centralized prioritization of services while keeping close ties to the business that resilience programs are meant to keep running. Thirty-five percent of respondents said their team was centralized; this type of organization allows for coordinated resilience efforts around a common purpose.

Practices Must Finally Evolve to Meet Operational Resilience Mandates

Some practices, such as testing frequency and type, have not significantly changed since our survey began more than 15 years
ago. Operational resilience mandates came into being as a recognition that resilience practices had stalled, and firms were not maintaining critical/important customer services that depend on IT assets, especially in interconnected industries, such as financial services. IT changes quickly, and resilience practices must match this pace.

Most Organizations Conduct Simple Tests Only Once Per Year

Unfortunately, the testing situation is largely unchanged since 2008. For all test types, most organizations only test once per year with plan walk-throughs and tabletop exercises, and as tests become more extensive, test frequency declines – 41% of respondents said they never performed a full simulation (see Figure 3). Simulations not only test the incident actions, roles, responsibilities, and interactions between teams but also allow for timing of various plan steps. Timing gives a sense of whether recovery targets are realistic and where to pinpoint improvements to the plan. However, testing requires intentional time and dedicated resources across the organization as well as the inclusion of critical third parties to pinpoint bottlenecks, missing components, and communication and connection failures.

Most Tests Do Not Consider DEI

When performing tests, all voices must be heard to identify gaps, create actions, and improve planning. Unfortunately, 53% of respondents did not consider diversity, equity, and inclusion (DEI) when testing/exercising a plan, and another 14% didn’t know whether they did (see Figure 4). Despite some firms pulling back on DEI investments, the business case for inclusive experiences remains strong, as diverse teams bring a wider set of perspectives, orientations, and experiences to the organization. Using all perspectives and orientations within an organization will help unlock knowledge about how the organization runs, communication pathways, and essential workarounds the firm can implement or improve.

A Lack of Service Maps Is Common

Operational resilience mandates require critical/important service mapping down to the IT components. These maps are also critical to pivot to individual circumstances of an incident. In the past, organizations relied on the configuration management database to provide the mapping, but it was static and incomplete, and IT organizations struggled to include unapproved changes. Now, there is an acceptance IT changes happen – and that IT must track them. Unfortunately, there is still a lack of confidence in real-time completeness of data, especially for components like ephemeral microservices. Technology has improved, especially around AIOps; however, use of maps is still underwhelming. Some 16% of respondents said they used service mappings to determine and track impact on customers as well as create restoration plans for tests/exercises. Only 15% of respondents used service maps when assessing testing performance.

Adoption of Key Technologies Remains Low

To create a complete BC program – and even reach for operational resilience and business resilience program goals – resilience pros must use a wealth of tools and technologies. Unsurprisingly, threat intelligence feeds (41%) – which DORA requires to feed threat-led penetration testing – and BC continuity management platforms (40%) – which resilience pros use to
create and maintain plans, perform tests, and handle incident management – have the highest numbers of respondents planning to implement or expand (see Figure 5). Critical event management software – to create incident dashboards with real-time datasets, such as severe weather, and to send customized communications during an incident to different internal and external groups – has the lowest number of respondents planning to implement or expand (24%) and the most not interested (25%). Contract lifecycle management (CLM) has similarly low numbers of respondents planning to implement or expand (28%) and not interested (20%). CLM is a must-have technology for operational resilience, as the mandates require contracts to include exit strategies and force majeure language.

Invocations Call for Greater Focus on Operational Resilience

While 30% of respondents did not invoke a critical incident/risk event (an event that has significant business, financial, or reputational impacts or disruptions) in the past 12 months, 64% of respondents had at least one, and 15% had four or more. The prevalence of IT failures (59%) and IT security incidents (29%) proves the impetus for operational resilience mandates and their focus on maintaining the IT assets that support critical/important customer services.

IT Failure Tops the List of Invocation Causes as Epidemics/Pandemics Fade

After events such as the CrowdStrike content configuration update that affected an estimated 8.5 million Windows systems worldwide, it’s no surprise IT failures topped the list of causes of invocations of a plan (see Figure 6). However, after 2023’s continued invocations due to pandemics/epidemics, which we attribute to COVID-19, only 10% of respondents continue to invoke for health and safety incidents. Extreme weather (33%) continues to plague respondents, but power outages had a smaller role in plan invocations (10%). We link these last two causes together: Organizations that don’t plan for alternative power sources can be incapacitated when extreme weather disrupts power.

Communication Tops the List of Lessons Learned

A fundamental goal of resilience planning is to get everyone
to agree ahead of time on how to make decisions during a critical incident/risk event. This means communication, and the ability to make decisions based on up-to-date information, is critical. However, as we noted, 25% of respondents aren’t even interested in critical event management, which would not only provide that dashboard but also enable context-based communications that differ between those: 1) responding to the critical incident/risk event, 2) implementing workarounds, and 3) making decisions (see Figure 7). Another key operational resilience mandate is that decision-makers must have the information which ties to what is happening to affected customers. This helps executives determine what services to bring up and in what order, whether customer impact will exceed tolerance levels, and other actions — like paying a ransom during a ransomware attack.

Budget Is Increasing Not Only for Compliance but Also to Boost Best Practices

Compliance is a great motivator for budget, and 38% of respondents with increasing budgets confirmed that achieving regulatory compliance or complying with audit findings drove the budget increase. While compliance is driving new and better best practices for resilience, mandates still represent the floor of what organizations can do for resilience. Forrester defines business resilience as the ability of an organization to deliver on its vision and brand promise no matter the crisis. The good news? Fifty-two percent of respondents reported the budget increase was to mitigate increasing or evolving risks to the organization, and 38% attributed the increase to better protecting the corporate reputation and brand – closer to the aim of business resilience than compliance.

Budgets Will Decrease for Only Four Percent of Respondents

Our survey shows 37% of respondents expect funding for their resilience program to increase in the next 12 months (see Figure 8). Only 4% of respondents expected their funding for resilience to decrease.
Services For Cybersecurity Incident Response Receive the Largest Budget Increase

Additional budget will be welcome to not only meet compliance requirements but also shore up resilience practices and technologies. Services for cybersecurity incident response will see the largest bump in budget: 32% of respondents report a budget increase. The smallest bump will be for technology/services for workforce recovery (15%). During the COVID-19 pandemic, many organizations found themselves working quickly to ensure employees could work from anywhere, which “solved” the idea of workforce resilience. However, looking deeper into the data, some areas will see large increases of more than 10%, including staffing for ongoing resilience (10%), technology/services to facilitate crisis and emergency services (9%), and technology/services for IT recovery (9%) (see Figure 9). In a rush to meet mandates, organizations are looking to services as well as technologies to help fill the gaps they cannot otherwise.

Research Methodologies

Forrester and Disaster Recovery Journal conducted this joint survey from October to November 2024. The survey targeted global business continuity, disaster recovery, and security and risk professionals affiliated with Forrester and DRJ. Additional responses were gathered via LinkedIn. Respondents were screened to ensure relevant expertise and job responsibilities, creating a valuable dataset for industry benchmarking.

Amy DeMartine leads Forrester’s security and risk research team, focusing on business, data, and application risk. She provides insights on building resilient enterprises that not only withstand but also capitalize on uncertainty. DeMartine advises global clients on sustainability strategy, business and operational resilience, regulatory compliance, and business continuity best practices.
Key Data Center Trends Shaping Business Continuity in 2025
By DAN RAPP

Discussions about artificial intelligence adoption often focus on its potential to increase productivity and operational efficiency across various business functions. While these advancements provide competitive benefits, they also mean companies are becoming more dependent on digital applications and the supporting IT infrastructure—making data centers a key component of business continuity strategies, even for organizations that haven’t relied on them as heavily in the past.

Liquid Cooling for High-Performance Computing

As business-critical applications integrate AI, chip manufacturers continue to shrink chip sizes while increasing capacity. However, this progress brings challenges, particularly in managing the heat generated by high-performance chips. In response, the critical digital infrastructure industry is rapidly developing next-generation cooling solutions capable of efficiently removing large amounts of heat while maintaining energy efficiency. Continuous operation of liquid cooling systems is essential to sustaining high-performance computing loads and must be protected.

Modern Power Solutions and Energy Alternatives

Aligning the evolution of chips, power, and cooling requires collaboration among key players to ensure chip availability, infrastructure readiness, and utility support. High-density computing environments demand reliable energy sources, but access can be challenging, particularly in remote locations and global regions affected by power instability. Power management equipment is evolving to support high-power density loads with minimal efficiency losses, while compatibility with alternative energy sources enhances reliability, flexibility, and environmental responsibility.
Solutions such as battery energy storage systems, microgrids, and renewable sources like wind, hydro, and solar help balance energy availability while reducing carbon footprints. These alternatives aren’t just more sustainable—they’re essential for enabling reliable, resilient, and available operations in resource-restricted areas.

New Maintenance Strategies

Predictive maintenance is rapidly transforming data center operations by preventing disruptions and optimizing efficiency. According to Strategic Market Research, the global predictive maintenance market, valued at $4.32 billion in 2021, is projected to grow at a compound annual growth rate of 29.98%, reaching $45.75 billion by 2030. This growth reflects the increasing adoption of analytics, AI, and machine learning in maintenance strategies.

Modern predictive maintenance solutions use real-time data to detect faults early, ensuring machinery operates at peak efficiency while reducing downtime and operational costs. By leveraging these advanced technologies, companies can improve safety, optimize resources, and enhance operational resilience.

Increased Focus on Cybersecurity

A potential drawback—and benefit—of AI is its ability to analyze cybersecurity processes. Ransomware attacks are becoming more widespread, with bad actors using AI tools to launch increasingly sophisticated attacks. These threats often begin with AI-supported breaches of control systems, embedded devices, or connected hardware.

The good news is that cybersecurity experts, network administrators, and data center operators have access to their own AI-driven security technologies to predict and prevent damaging attacks. A strong focus on IT security—including peripherals and critical digital infrastructure—is essential for business continuity.

Preparing for the Future

Business continuity remains a top priority, requiring a proactive approach to resilience and efficiency. By adopting high-performance infrastructure designs, integrating energy-efficient solutions, implementing modern maintenance strategies, and strengthening security measures, organizations can safeguard operations against evolving challenges while ensuring long-term stability.

Dan Rapp is a leader in responsible business and environmental affairs with a background in nuclear, mechanical, and electrical systems. With more than 30 years of experience, he has held key roles in nuclear power operations, technical training, safety engineering, and environmental compliance. Since joining Vertiv in 2000 as a field service engineer, Rapp has advanced through positions of increasing responsibility, including national tech support engineer, corporate technical trainer, facility safety engineer, and regional EHS director. Today, he drives sustainability initiatives and aligns corporate values with global environmental and social responsibility efforts. His expertise in business ethics, social economics, and sustainable practices supports Vertiv’s commitment to responsible business leadership.
Smart Spending on IT DR: Using BIA to Minimize Risk and Costs
By GREG VIRGIN

Technology underpins virtually every business process. Whether it’s customer-facing operations like order processing or internal functions like payroll, technology is integral to business continuity. As such, the IT component of your business continuity and disaster recovery (BC/DR) plans is a critical priority.

This article explores how organizations can ensure their IT recovery time objectives (RTOs) and disaster recovery (DR) spending align with business needs by leveraging insights from business impact analysis (BIA), addressing challenges in IT asset visibility, and optimizing IT DR processes.

The Role of Business Impact Analysis
At its core, a BIA focuses on understanding and prioritizing business risks and processes. It identifies the operational capabilities critical to a business (also known as critical business functions) and quantifies the financial and operational impact of disruptions to those functions. From a technology standpoint, this means identifying the dependencies that underpin business processes, quantifying the cost of downtime, and establishing the maximum acceptable duration for recovery. These insights provide a foundation for prioritizing IT DR planning and making informed decisions about resource allocation.

Key Challenges in Aligning IT DR with BIA
Aligning IT DR with business needs is often challenging due to a lack of visibility into IT infrastructure, differing perspectives between IT and business teams, and incomplete mapping of IT assets. Large enterprises typically have highly complex IT environments that combine on-premises and cloud-based systems. Shadow IT,
in which tools and systems are adopted without IT oversight, compounds the problem. As a result, most organizations have insight into only about 80% of their IT assets—if that—leaving critical gaps in their understanding.

This problem is exacerbated by the fact that IT teams tend to focus on technical assets like servers and devices, while business teams think in terms of operational capabilities and outcomes. This disconnect can hinder effective risk assessments. Traditional asset inventories often fail to account for dependencies, external assets, or dynamic resources like containers. Shared or enterprise-wide infrastructure critical to multiple business functions often lacks clear business-level ownership, leading to incomplete information during IT DR planning. Research shows organizations typically know about only 30% of the infrastructure that supports any given business function.

These gaps make it difficult to determine the appropriate level of backup and recovery solutions needed to meet RTOs and complicate the assessment of cybersecurity risks, which is a separate but related issue.

Costs of IT DR and the Case for Strategic Investment
IT DR costs generally fall into three categories: people costs, technology costs, and downtime costs.
• People costs include the time and expertise required to map infrastructure, set up backups, perform testing, and restore systems when outages occur.
• Technology costs involve direct expenses for enterprise-grade backup solutions and recovery tools—which can be sizable.
• Downtime costs refer to the financial impact of each minute of business disruption.
While it is not feasible for most organizations to enable immediate failover for every system, thoughtful RTO prioritization allows for cost-effective spending. By focusing resources on the infrastructure needed to support the most critical business functions, organizations can minimize downtime costs while ensuring continuity.

Steps to Optimize IT DR Spending and Align with BIA
To address these challenges and optimize IT DR spending, organizations need a structured approach:
1. Create a comprehensive IT asset inventory
• Include third-party systems: Many critical business functions rely on third-party services or platforms. Ensure these are part of the inventory.
• Capture dynamic assets: Track dynamic components like containers and ephemeral cloud resources.
• Ensure completeness: The inventory must encompass every IT asset (IT, OT, IoT) that interacts with others across environments (on-premises, cloud, virtualized, containers). Aggregating data from existing systems is a start, but it’s not enough.
2. Use data-driven automation to map IT assets to business functions
• Identify dependencies: Link each IT asset to the business processes it supports, including underlying infrastructure and external components.
• Analyze for single points of failure: Identify and address critical dependencies to improve overall resiliency.
3. Establish recovery tiers
• Prioritize based on BIA: Use BIA findings to rank business functions by their financial and operational impact.
• Set tiered RTOs: Assign recovery priorities and timeframes to each tier.
4. Choose and implement appropriate DR solutions
• Align solutions with recovery tiers: Select backup and recovery tools capable of meeting RTOs for each tier.
• Go beyond data backup: Include infrastructure and systems required to support recovery.
• Seek expert input: Leverage analyst reports and peer feedback to evaluate solutions.
5. Test and document your DR plan
• Conduct full-scale testing: Regularly test the entire DR plan to ensure it meets RTOs for all business functions.
• Document results: Share test outcomes with stakeholders and auditors to demonstrate preparedness.
6. Maintain and update continuously
• Track changes: Keep the IT asset inventory and business function mappings up to date.
• Adjust DR plans as needed: Ensure recovery solutions remain aligned with evolving business needs.

The Benefits of Aligning IT DR with BIA
Aligning IT DR spending with BIA insights offers several advantages. It minimizes downtime costs by concentrating efforts on the most critical business functions, improves resiliency by addressing single points of failure, and demonstrates compliance with regulatory requirements, particularly in industries such as financial services. A well-aligned IT DR strategy builds organizational confidence by showing stakeholders the business is prepared for disruptions.

Conclusion
By developing a comprehensive understanding of IT assets, mapping them to business functions, and establishing tiered recovery priorities, organizations can optimize their DR investments while ensuring business continuity.
When the next outage occurs, this meticulous planning will pay off, minimizing downtime, controlling costs, and protecting the business from significant disruptions.
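Steps 2 and 3 of the approach above (mapping assets to business functions, finding single points of failure, setting tiered RTOs) can be worked through as a walk over a dependency graph. This is an added example, not code from the article or from Redjack; every asset name, cost, redundancy flag and tier threshold in it is a constructed assumption.

```python
# Added example; all names, costs and thresholds are constructed assumptions.
BIA = {  # business function -> BIA findings
    "order-processing": {"cost_per_hour": 50_000, "rto_hours": 1},
    "payroll": {"cost_per_hour": 2_000, "rto_hours": 24},
    "marketing-site": {"cost_per_hour": 500, "rto_hours": 72},
}
DEPENDS_ON = {  # function or asset -> what it directly needs
    "order-processing": ["web-frontend", "orders-db", "payment-api"],
    "payroll": ["hr-app"],
    "marketing-site": ["web-frontend"],
    "web-frontend": ["sso", "k8s-cluster"],
    "hr-app": ["sso", "hr-db"],
    "orders-db": ["san-01"],
    "hr-db": ["san-01"],
}
REDUNDANT = {"web-frontend", "orders-db", "k8s-cluster"}  # assets with a failover peer
TIER_LIMITS = [(1, 4), (2, 24), (3, float("inf"))]  # (tier, max RTO in hours)


def supporting_assets(function):
    """Every asset the function needs, directly or through other assets."""
    seen, stack = set(), list(DEPENDS_ON.get(function, []))
    while stack:
        asset = stack.pop()
        if asset not in seen:  # the seen set also protects against dependency cycles
            seen.add(asset)
            stack.extend(DEPENDS_ON.get(asset, []))
    return seen


def tier_for(rto_hours):
    return next(tier for tier, limit in TIER_LIMITS if rto_hours <= limit)


def asset_requirements():
    """Per asset: strictest RTO, hourly exposure and tier inherited from the BIA."""
    req = {}
    for function, bia in BIA.items():
        for asset in supporting_assets(function):
            r = req.setdefault(asset, {"rto_hours": float("inf"), "exposure": 0, "functions": []})
            r["rto_hours"] = min(r["rto_hours"], bia["rto_hours"])
            r["exposure"] += bia["cost_per_hour"]
            r["functions"].append(function)
    for r in req.values():
        r["tier"] = tier_for(r["rto_hours"])
    return req


def single_points_of_failure(max_tier=1):
    """Non-redundant assets that a function in the given tier or better depends on."""
    return sorted(a for a, r in asset_requirements().items()
                  if r["tier"] <= max_tier and a not in REDUNDANT)


if __name__ == "__main__":
    for asset, r in sorted(asset_requirements().items(), key=lambda kv: -kv[1]["exposure"]):
        print(f"{asset:13} tier {r['tier']}  RTO {r['rto_hours']:>2}h  ${r['exposure']:,}/h  {r['functions']}")
    print("Tier-1 single points of failure:", single_points_of_failure())
```

In this sample the shared storage array and SSO service inherit the one-hour RTO of order processing even though neither is listed as a direct dependency of it, which is the kind of shared infrastructure the article says tends to lack business-level ownership.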
Greg Virgin is the CEO of Redjack. He began his career with the National Security Agency, where he developed his patented sensor technology for defense, energy, and homeland security environments. Virgin founded Redjack in 2007 to commercialize the technology and extend its capabilities to support cyber resilience initiatives within both public and private sector organizations.
EDITOR’S NOTE : DCIG empowers the IT industry with actionable analysis that equips individuals within organizations to do supplier and product evaluations. DCIG delivers informed, insightful, third-party analysis, and commentary on IT technology. As industry experts, DCIG provides comprehensive, in-depth analysis, and recommendations of various enterprise data storage and data protection technologies. The views, thoughts, and opinions expressed in all Disaster Recovery Journal articles belong solely to the author. The information, product recommendations, and opinions in this article are based upon public information and from sources DCIG, LLC. believes to be accurate and reliable.
The Rise of Anomaly Detection in Cybersecurity Defense
By JEROME WENDT

All organizations have become more vigilant in detecting and rooting out ransomware in their IT environments. However, increasing perimeter cybersecurity defenses has resulted in hackers creating ransomware strains that are even more difficult to detect. To uncover these more elusive strains, more data protection solutions now include anomaly detection to help identify them.

Targeted Ransomware Attacks
Mounting a viable cybersecurity defense requires organizations to go beyond deploying firewalls and antivirus software. Hackers often research an organization before initiating a targeted ransomware attack. By researching an organization, hackers may obtain specific information about it, such as its employees, IT infrastructure, and technologies used. Equipped with this information, they can develop ransomware that increases the probability of a successful attack.
Here are some hypothetical yet realistic ways hackers may use gathered information to develop ransomware specific to an organization:
• Knowing the email system used allows hackers to exploit known vulnerabilities to enter the organization.
• Once inside, knowing who works at an organization permits ransomware to attempt access to applications using their credentials.
• Understanding the technologies an organization uses enables ransomware to target specific application vulnerabilities and login credentials.
Hackers take time to research specific organizations because, if successful, they often demand ransoms of more than $1 million from large organizations. This has resulted in ransomware victims paying out more than $1 billion in 2023, with 2024 on pace to exceed this amount.
Adding insult to injury, organizations receive no guarantees paying the ransom will achieve the desired results. The decryption key provided may not work, or the hacker may still release or sell the stolen data. In either case, ransomware incurs substantial, unexpected costs without ensuring a successful resolution.

Intermittent Encryption
Knowing that hackers develop ransomware specific to their organization represents only part of the threat. Hackers know that organizations can detect and recover from ransomware that deletes or encrypts all production data. This has prompted hackers to make ransomware more difficult to detect.
Some ransomware strains employ an algorithm that encrypts data at a very granular level. Known as intermittent encryption, it does not encrypt entire files. Instead, it only encrypts components of a file as small as 16 bytes.
This technique has the same net effect as encrypting an entire file, making it unreadable and unusable. However, intermittent encryption incurs less system overhead since it only encrypts small chunks of each file. In doing so, intermittent encryption may evade common methods used to detect ransomware.
These evolving attack methods have decreased the effectiveness of perimeter cybersecurity solutions in detecting ransomware. This puts the onus on organizations to identify solutions that can help detect these customized, harder-to-find ransomware strains.
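One way to see why a file changed in 16-byte chunks slips past a whole-file check, and what a comparison between two backup versions of the same file can pick up instead. This is an added example, not from the article or any product; the thresholds, the 256-byte block size and the sample data are constructed assumptions.

```python
import math
import random
from collections import Counter

BLOCK = 256  # comparison granularity in bytes (assumption)


def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compare_versions(old, new, block=BLOCK):
    """Metrics for one file across two backup versions (compared over the common length)."""
    n = min(len(old), len(new))
    changed = [i for i in range(n) if old[i] != new[i]]
    return {
        "whole_entropy": entropy(new),
        "changed_bytes": len(changed) / max(n, 1),
        "blocks_touched": len({i // block for i in changed}) / max(math.ceil(n / block), 1),
        "changed_entropy": entropy(bytes(new[i] for i in changed)),
    }


def classify(old, new):
    m = compare_versions(old, new)
    if m["whole_entropy"] > 7.5:  # the common whole-file check
        return "whole-file encryption"
    # Few bytes changed, but in nearly every block, and the new bytes look random.
    if m["blocks_touched"] > 0.8 and m["changed_bytes"] < 0.5 and m["changed_entropy"] > 7.0:
        return "intermittent pattern"
    return "no finding"


def make_samples(seed=7):
    """Constructed test data: a 64 KiB text file and three later 'backup versions' of it."""
    rng = random.Random(seed)
    base = b"".join(b"invoice %05d posted to ledger account %04d amount %07d\n"
                    % (i, i * 7 % 10_000, i * i % 10**7) for i in range(2000))[:65536]
    edited = bytearray(base)                       # routine business edit of one 2 KiB region
    edited[8192:10240] = base[8192:10240].upper()
    sparse = bytearray(base)                       # 16 random bytes in every 256-byte block
    for off in range(0, len(base), BLOCK):
        sparse[off:off + 16] = bytes(rng.randrange(256) for _ in range(16))
    full = bytes(rng.randrange(256) for _ in range(len(base)))
    return base, bytes(edited), bytes(sparse), full


if __name__ == "__main__":
    base, edited, sparse, full = make_samples()
    for name, version in [("edited", edited), ("sparse", sparse), ("full", full)]:
        m = compare_versions(base, version)
        print(name, {k: round(v, 3) for k, v in m.items()}, "->", classify(base, version))
```

A legitimate bulk re-encryption of the file would also be reported as whole-file encryption, so a finding here is an anomaly to triage rather than proof of ransomware.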
Anomaly Detection’s Emergence in Data Protection Solutions
To identify customized ransomware strains, a new generation of data protection solutions has emerged that includes anomaly detection. The rise of anomaly detection in data protection stems from its ability to perform historical data analysis.
Perimeter cybersecurity solutions primarily analyze production data in real time. While they can theoretically monitor and regularly scan all production data, this approach is problematic. Scanning incurs significant overhead on production systems and may fail to detect ransomware customized for specific organizations.
By contrast, using a data protection solution to routinely monitor and scan backup data is more effective. Moving scanning to the backup environment shifts the overhead to nonproduction systems. Since data protection solutions often sit idle during off-backup hours, organizations can use those resources to scan for ransomware.
The nature of these new ransomware strains makes it more effective to look for data anomalies over time. Some strains may only affect a specific organization or alter small chunks of data. Detecting these subtle changes may take days, weeks, or months. This suggests that data protection solutions with anomaly detection are better suited to identify them.

The Nature of an Anomalous Event
Using anomaly detection in data protection solutions, such as backup software and backup targets, may seem intuitive. Every organization wants to be alerted quickly to ransomware. However, determining the nature of each anomalous event can be complex.
Organizations may assume that if a data protection solution identifies an anomaly, it must have detected ransomware. However, this one-to-one relationship does not always hold true.
The detection of an anomaly may indicate ransomware in an organization’s IT environment. However, it may just as likely result from an unusual but acceptable business event. Changes to production data that are unrelated to ransomware can trigger anomaly detection.
Examples of such business-related anomalies include:
• Increased application usage, resulting in higher data change rates.
• Corporate acquisitions, which alter data access and usage patterns.
• Data cleanup efforts, such as archiving or deleting infrequently accessed data.
• More frequent backups, leading to increased stored data.
• Moving data or applications between storage locations.
• Encrypting data to comply with new regulations.
• Retiring an application or project and archiving or deleting its data.
These and other events can cause anomaly detection systems to flag legitimate activities as suspicious.
This highlights the challenges of implementing anomaly detection—detecting anomalies does not automatically mean detecting ransomware. Organizations must carefully evaluate data protection solutions with anomaly detection to ensure they provide meaningful alerts.

Creating Proper Associations
Before deploying a data protection solution with anomaly detection, organizations should look for solutions that can create proper associations between anomalies and real threats.
Ideally, the solution should have time to learn an organization’s typical data access and usage patterns. Normal activity in one organization may appear anomalous in another, and vice versa. More importantly, this learning period helps it differentiate between anomalies caused by routine business activities and those indicating ransomware.
This learning period also minimizes false positives. If a solution generates too many false alarms, organizations may start ignoring alerts, reducing the system’s effects.
Conversely, detecting few or no anomalies creates a different risk. Organizations may assume their environment is secure when, in reality, the anomaly detection system is ineffective.

Effective Anomaly Detection and Alerting Requires Generative AI
To be truly effective, a data protection solution with anomaly detection must perform two critical tasks:
1. Monitor and analyze the behavior of both applications and users accessing data.
2. Determine whether an anomaly is business-related or indicative of suspicious activity.
Because distinguishing between these two types of events is difficult, organizations should be skeptical of solutions that rely solely on preprogrammed, nonconfigurable anomaly detection capabilities.
To more accurately differentiate between business-related and suspicious anomalies, organizations should look for data protection solutions with generative artificial intelligence (AI) capabilities.
Generative AI enables a data protection solution to learn an organization’s IT environment, analyze backup data, track changes over time, and distinguish between routine business anomalies and potential ransomware threats.
Jerome Wendt, an AWS Certified Solutions Architect, is the president and founder of DCIG, LLC., a technology analyst firm. DCIG, LLC., focuses on providing competitive intelligence for the enterprise data protection, data storage, disaster recovery, and cloud technology markets.