The Importance of Business Resilience in the Face of a Cyberattack

April 23, 2025
The time is now to employ a robust business resilience strategy to ensure continued success in the digital age.

Companies today are handling massive amounts of business-sensitive data, making it difficult to secure and making them attractive targets for hackers and cybercriminals. And with data breaches and ransomware attacks regularly occurring, businesses need to continuously modernize their approaches to cybersecurity to keep their defenses strong.

Protecting data and recovering data as soon as possible in the face of an attack has become a business priority of today rather than a side note for IT departments to consider, as it once was.

My career in cybersecurity has spanned two decades, and I’ve been able to observe many of the common pitfalls of the sector. I’ve now led over 25 ransomware workshops with some of the top companies in the world—this is what I’ve learned.

In years past, responsibility for cybersecurity and data recovery fell squarely on a business's IT department, and most of that budget went to preventing attacks.

Now, business leaders are accepting that it is not always possible to prevent an attack and that recovery plans matter as much as prevention, if not more. The recent rise in cyberattacks has made a central truth plain to business leaders: it is not enough to have a recovery plan; you have to have the discipline to test the plan.

The Evolving Threat Landscape

Companies are looking to expand their digital footprint. In doing so, they also expand their total attack surface, giving attackers more pathways into external and internal networks and the business-sensitive information they hold. When most of the cybersecurity budget goes to prevention, the first attack that evades those measures becomes a complex problem spanning every department, because nobody has rehearsed what happens next.

Cyberattacks are evolving at an alarming pace, posing significant threats to businesses and organizations worldwide. Traditional recovery plans, designed to restore systems and data after an attack, are no longer sufficient to address the sophisticated and persistent nature of these threats.

In Cohesity’s third annual Global Cyber Resilience Report analyzing cybersecurity and ransomware trends, which surveyed over 3,100 IT and security decision-makers, 67% of respondents said their organization was the victim of a ransomware attack in 2024, showing a clear upward trend in attempts by bad actors—and a clear reason to prioritize a comprehensive security strategy.

And, while 78% of respondents said they have confidence in their company’s cyber resilience strategy, only 2% said they could recover data and restore business processes within 24 hours in the face of an attack. This poses a question: If your cyber resilience strategy doesn’t include recovering data efficiently, what function does it serve?

Today’s ransomware attacks are forcing organizations to create an overarching response and recovery strategy that considers all aspects of technology. However, for this to work, organizations need to not only have a crisis plan but also be willing to test it regularly. The best approach to create an overarching strategy is to look at cybersecurity as an opportunity to examine your organization’s business resilience. It’s time to consider all angles: communication strategy, cyberattack prevention and response, data protection, and information recovery.

It’s Not Enough to Have a Recovery Plan

Modern attacks chain several techniques: social engineering for initial access, exploitation of unpatched or zero-day vulnerabilities to move deeper into the environment, and ransomware as the final payload. No single control sees the whole chain, which makes these attacks harder to detect and stop. They can cause significant financial losses, reputational damage, and operational disruption, with long-term consequences for the affected organization.

Robust preventive measures remain essential to minimize the risk of a successful attack: firewalls, intrusion detection systems, and regular software updates among them. Organizations must also prioritize threat intelligence and monitoring to stay informed about emerging threats and vulnerabilities. But none of these controls is perfect, so the rest of the strategy has to assume that one of them will eventually fail.

But cybersecurity is a business problem. To address this evolving threat landscape, businesses need a new approach to cybersecurity: a business resilience strategy. That only happens when an organization stops treating the responsibilities of the CISO and the IT and security teams as merely keeping bad actors out. To achieve true business resilience, organizations should bring the traditional infrastructure and security teams together to define what business resilience means for their company.

This includes asking the hard questions: Which systems matter most if the company is forced to recover after an attack? Which applications, datasets, processes, and people make up your "minimal viable company"? And what does each of those depend on? An order-processing application cannot come back before the identity directory and DNS it authenticates through, so the answer to "what needs to be restored first?" is a dependency order, not just a list of the most visible systems.

The Importance of the Incident Response Plan

Once a holistic technical team can agree on the most important puzzle pieces for their minimal viable company, they can determine how best to protect their assets and have confidence the business can recover appropriately.

Having an effective incident response plan is crucial to minimizing the impact of an attack and recovering swiftly. The first thing that breaks down in a cyberattack is communication: the email, chat, and directory services people normally reach each other through may be encrypted, unavailable, or being read by the attacker. Incident response plans should therefore include clear roles and responsibilities, well-defined communication channels (including an out-of-band channel and offline contact lists that do not depend on the compromised environment), and standardized procedures for containment, eradication, and recovery of both data and crucial systems.

A large part of protecting data is constantly testing your systems, both the preventive and the recovery measures. Regularly testing and updating the incident response plan is essential to keep it effective. Leaders need to conduct simulations and exercises on a consistent basis to evaluate the organization's response capabilities and identify areas for improvement. A restore drill should actually restore: bring the systems back from backup in an isolated environment, verify the data, and record how long it took against the recovery time objective the business agreed to. Feeling confident in your plan means nothing if you cannot put it into action, restore data and systems, and get back to business quickly.
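The two questions above, "what do we restore first?" and "has the plan actually been tested?", can be turned into a check that runs against the inventory of the minimal viable company. The following is an added example, not code from the article or from Cohesity. It models each system with its dependencies, its recovery time objective (RTO), and the result of the last restore drill, computes a restore order in which every dependency comes up before the systems that need it, and flags systems that were never drilled, whose drill is stale, that missed their RTO, or whose RTO is tighter than a dependency's. The system names, RTOs, and drill results are constructed sample data, and the 90-day drill-age threshold is an assumed policy value.

```python
"""Restore-order and recovery-drill checker for a "minimal viable company".

Added example, not Cohesity's code. All system records below are constructed
sample data; the 90-day maximum drill age is an assumed policy value.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


@dataclass
class SystemRecord:
    """One system in the minimal viable company."""
    name: str
    tier: int                                  # 0 = foundation (identity, DNS), restored first
    rto_hours: float                           # recovery time objective agreed with the business
    depends_on: List[str] = field(default_factory=list)
    last_drill: Optional[datetime] = None      # when a restore was last actually exercised
    measured_restore_hours: Optional[float] = None
    drill_succeeded: bool = False


def restore_order(systems: Dict[str, SystemRecord]) -> List[str]:
    """Order in which to restore systems so each dependency is up before the
    systems that need it (Kahn's topological sort). Ties go to the lower tier,
    then alphabetical. Raises ValueError on an unknown dependency or a cycle."""
    indegree = {name: 0 for name in systems}
    dependents: Dict[str, List[str]] = {name: [] for name in systems}
    for rec in systems.values():
        for dep in rec.depends_on:
            if dep not in systems:
                raise ValueError(f"{rec.name} depends on unknown system {dep!r}")
            indegree[rec.name] += 1
            dependents[dep].append(rec.name)

    def priority(name: str) -> Tuple[int, str]:
        return (systems[name].tier, name)

    ready = sorted((n for n, d in indegree.items() if d == 0), key=priority)
    order: List[str] = []
    while ready:
        current = ready.pop(0)
        order.append(current)
        for child in dependents[current]:
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
        ready.sort(key=priority)
    if len(order) != len(systems):
        stuck = ", ".join(sorted(set(systems) - set(order)))
        raise ValueError(f"dependency cycle involving: {stuck}")
    return order


def drill_findings(systems: Dict[str, SystemRecord], now: datetime,
                   max_drill_age_days: int = 90) -> List[Tuple[str, str, str]]:
    """Return (system, code, detail) for every gap between the written plan
    and what the last restore drill actually demonstrated."""
    findings: List[Tuple[str, str, str]] = []
    for name in restore_order(systems):          # report in restore order
        rec = systems[name]
        for dep in rec.depends_on:
            dep_rto = systems[dep].rto_hours
            if dep_rto > rec.rto_hours:          # cannot be faster than what you wait on
                findings.append((name, "rto_inconsistent",
                                 f"RTO {rec.rto_hours}h but depends on {dep} with RTO {dep_rto}h"))
        if rec.last_drill is None:
            findings.append((name, "never_drilled", "recovery has never been exercised"))
            continue
        age = now - rec.last_drill
        if age > timedelta(days=max_drill_age_days):
            findings.append((name, "drill_stale", f"last drill {age.days} days ago"))
        if not rec.drill_succeeded:
            findings.append((name, "drill_failed", "last restore drill did not succeed"))
        elif rec.measured_restore_hours is not None and rec.measured_restore_hours > rec.rto_hours:
            findings.append((name, "rto_missed",
                             f"measured {rec.measured_restore_hours}h against RTO {rec.rto_hours}h"))
    return findings


NOW = datetime(2025, 4, 23, tzinfo=timezone.utc)  # fixed clock so the example is deterministic


def sample_company() -> Dict[str, SystemRecord]:
    """Constructed sample inventory, not taken from any real environment."""
    def days_ago(n: int) -> datetime:
        return NOW - timedelta(days=n)
    records = [
        SystemRecord("identity", 0, 4.0, [], days_ago(30), 3.0, True),
        SystemRecord("dns", 0, 2.0, [], days_ago(200), 1.0, True),            # stale drill
        SystemRecord("erp", 1, 8.0, ["identity", "dns"], days_ago(20), 10.0, True),  # missed RTO
        SystemRecord("payments", 1, 4.0, ["identity", "erp"], days_ago(10), 2.0, True),  # RTO tighter than erp
        SystemRecord("email", 2, 24.0, ["identity"]),                          # never drilled
    ]
    return {r.name: r for r in records}


if __name__ == "__main__":
    company = sample_company()
    print("restore order:", " -> ".join(restore_order(company)))
    for system, code, detail in drill_findings(company, NOW):
        print(f"{system:10s} {code:17s} {detail}")
```

The restore order puts DNS and the identity directory first because everything else depends on them, and the findings list is what a tabletop exercise usually surfaces only by accident: a foundation service whose last real restore is months old, an application whose measured restore time exceeds the RTO the business thinks it has, and a payments system with a four-hour objective that cannot be met because it waits on an eight-hour dependency.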

It is important to remember that cyberattacks are business transactions for the attacker, designed to extract a return, whether as a ransom for encrypted systems or as payment for stolen data. As such, the stigma of being attacked is decreasing, but effectively managing the response to an attack is paramount.

The Holistic Approach to Business Resiliency

Cyberattacks are becoming increasingly sophisticated, and traditional recovery plans that rely on siloed incident response will no longer cut it. Businesses need to equip themselves with preventative and recovery measures and test their approaches regularly to ensure resilience against ongoing cyber threats.

Moving forward, organizations need to adopt a holistic approach to business resilience, including communications plans, preventive measures, threat intelligence, incident response planning, and regular testing to ensure their resilience against cyberattacks. It is no longer enough to respond once an attack occurs.

At the core of this approach lies a shift from reactive incident response to proactive cybersecurity preparedness. A purely reactive strategy spends its effort on what to do after an incident rather than on safeguarding business-sensitive information beforehand. With a proactive, holistic approach to cybersecurity, businesses gain both the knowledge and the plan to protect their systems and restore business-sensitive information quickly.

By investing in an approach that properly defends against and responds to cyberattacks, you will already have the tools in place, if and when one occurs, to identify the threat, minimize the damage bad actors can cause, and get your business up and running again quickly. The time is now to employ a robust business resilience strategy to ensure continued success in the digital age.

About the Author

Dale Zabriskie | Field CISO, Cohesity

Dale "Dr. Z" Zabriskie is Field CISO at Cohesity. Known for his ability to communicate both technically and conceptually in an authoritative yet entertaining style, Dr. Z has consulted with IT professionals across the globe, advising on implementing effective cybersecurity strategies. He holds the CISSP (Certified Information Systems Security Professional) and the Certificate of Cloud Security Knowledge (CCSK).

In his 20-year cybersecurity career, Dr. Z has advised major healthcare, public sector, finance, retail, entertainment, and manufacturing organizations in over fifty countries. He has also been a popular moderator and participant in numerous industry panels. His expertise is supported by career experience in information technology, regulatory compliance, research and development, marketing, and sales.

Before joining Cohesity, Dr. Z was an Evangelist with Symantec for over 16 years. Prior companies include Proofpoint, Veritas, SunGard, and IBM.