Disaster Recovery Journal Winter 2024

Lastly, natural disasters, while not nearly as “glamorous” as cyber, continue with the seasonality many long-tenured BC/DR experts have always known about and planned for. In other words, while cyberattacks continue to gain mindshare, none of the other kinds of crises that debilitate IT, and affect business processes, are receding. The caution to BC/CM executive stakeholders is: If you are only worried about flood, so you spend all your efforts ensuring protection from water – then you will be completely underprepared when fire strikes.

Ransomware is a ‘when’ not an ‘if’

That does not mean assured destruction and utter calamity is a “when” not an “if” – just like any other crisis at scale. That said, unlike natural disasters, supply chain issues, or the myriad other crises BC/CM teams have to plan for – ransomware comes with no warning … other than the constant media coverage and articles like this one reminding you of its inevitability. According to the same 2024 research, 25% of enterprises don’t believe they suffered one attack in the preceding 12 months, while 26% acknowledge they were hit four or more times over that same time period. Said another way: More organizations experienced cyberattacks quarterly than not at all.

That isn’t even the worst of it when you consider cyber villains are often lurking and navigating throughout the environment for up to 200 days before they are ever discovered or announce their demands. As such, many of those who believe they haven’t been hit have been breached, but are blissfully unaware. It is important to note that repeat attacks do not entirely imply multiple breaches. As discussed later in this article, many organizations simply fail to completely eradicate the initial malware. Months after the first cyber event is over, the attacker simply checks if any of their technology is still present in the victim’s environment.

If you paid the school bully your lunch money once, they will be back the next time they are hungry.

In this case, the 2024 Ransomware Trends Report reveals only 37% of organizations have the ability to sandbox or quarantine a staged restore via a “clean room” to ensure they do not re-infect the environment. As any seasoned BC/DR professional knows, there is often a significant amount of pressure to resume operations as quickly as possible. Without the proper orchestration or planning, victims might remove malware from their systems only to inadvertently re-infect themselves during data restorations.

There is an unfortunate nuance in recovering from ransomware at scale, even if you have a mature and well-orchestrated IT-DR program. With fire or flood, the secondary data is good right up until the original systems became crispy or wet. The IT teams’ mandate is to simply re-home and enable the secondary systems as quickly as possible. Unfortunately, the secondary data from minutes before the ransomware event are likely just as infected as the production instances, so even the triage of those systems affected becomes a nonlinear and non-predictable delay before remediation can begin in earnest. There is also the alarming reality that cyber villains target your backup repositories in 96% of attacks and are successful in 76% of the attacks to encumber or eliminate your IT teams’ ability to recover your data – increasing the likelihood you’ll have to pay the ransom.
