From Backups to Business Continuity: Cyber Resilience Is Now Mission-Critical
As ransomware actors escalate attacks on backups and recovery systems, IT leaders worldwide are pivoting from traditional backup strategies to holistic cyber resilience frameworks to safeguard operations—and livelihoods.
A Race Against Digital Ruin
When ransomware strikes, it’s not just data at risk—it’s lives, livelihoods and trust. For a small business generating $10 million in annual revenue, a single day of downtime can cost over $55,000 in lost earnings, not to mention long‑term reputational damage. With threat actors moving beyond simple encryption to wiping backups, sabotaging recovery consoles, and deploying double or triple extortion schemes, the stakes have never been higher.
Backup Alone Is No Longer Enough
Traditional backup systems—periodic snapshots, off-site replication, and occasional restore tests—were once sufficient for accidental data loss. But modern ransomware campaigns are designed to destroy your ability to recover:
- Attackers target backup infrastructure directly—often gaining admin control to corrupt or erase backups.
- They exfiltrate sensitive information and threaten leaks as leverage.
- Supply chain attacks mean single ransomware campaigns can debilitate multiple organizations simultaneously.
Faced with these threats, many IT leaders ask hard questions: “Are we prepared for backups to be encrypted? Would a three-day recovery window be tolerable? Can we prove swift restoration to auditors, insurers, and stakeholders?”
Shifting to Cyber Resilience
Cyber resilience goes beyond backup—it focuses on sustaining mission‑critical operations throughout a crisis. A resilient framework includes:
- Immutable, off‑site backups that can’t be modified or deleted by attackers.
- Automated recovery testing, ensuring systems actually restore when needed.
- Playbooks and DR orchestration, rebuilding services—not just files—using solutions like Disaster Recovery‑as‑a‑Service (DRaaS).
This shift turns recovery from an uncertain hope into a business‑continuity guarantee.
Building a Resilient Framework
🔹 1. Align IT Resilience with Business Impact
Map systems to critical business functions—ERP, CRM, e-commerce. Quantify the cost of downtime to prioritize recovery investments.
🔹 2. Strengthen Backup Infrastructure
Treat backup systems as high-value assets: enforce MFA, separate admin credentials, and enable early ransomware detection and logging.
🔹 3. Test and Verify Continuously
Automate backup integrity checks and full recovery simulation, not just file restores. Proving recoverability is critical.
🔹 4. Orchestrate Response with Playbooks
Document clear roles and communication pathways. Train all teams—including customer-facing staff—on fallback procedures during outages.
🔹 5. Report with Purpose
Use a board-level “resilience scorecard” showing RTOs, test dates, and remediation progress. This converts technical measures into executive confidence.
Insurance, Compliance & Financial ROI
Modern cyber insurers and auditors demand evidence—not promises:
- Immutable, tested backups.
- Segregated recovery infrastructure.
- Documented RTOs/RPOs and recovery logs.
Organizations that demonstrate resilience may see lower premiums and improved claim outcomes. As one CISO recently noted, “Resilience isn’t just insurance—it’s how we stay in business while others pay.”
Spotlight on Resilience Platforms
Tools like Datto offer unified solutions: local and cloud immutable backups, automated recovery testing, and integrated reporting. These platforms simplify resilience implementation, reducing complexity and vendor fatigue.
Conclusion: From Backup to Business Continuity
Ransomware today aims to cripple recovery—backups alone are a brittle defense. Cyber resilience provides the flexibility and assurance businesses need to endure disruptions. Now is the moment for organisations to assess immutability, testing, and recovery readiness—before the next attack comes.
Source: This article is based on insights and technical findings from the original publication:
“How Cyber Resilience Helps IT Defend Against Ransomware”
The Hacker News, July 18, 2025
Available at: https://thehackernews.com/2025/07/how-cyber-resilience-helps-it-defend-against-ransomwa.html
🧩 Technical Breakdown: How Cyber Resilience Works
🔐 1. Immutable Backups (Write Once, Read Many – WORM)
Immutable backups are read-only snapshots that cannot be altered, encrypted, or deleted—even by administrators. This protects them from ransomware that attempts to overwrite or encrypt backup data.
🔧 Implementation:
- Use WORM-enabled storage (e.g., AWS S3 Object Lock, Datto Immutable Cloud)
- Schedule frequent snapshots (hourly, daily)
- Retain snapshots per compliance (e.g., 30/60/90 days)
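```bash
# Example: Enable S3 Object Lock for immutability
# Object Lock requires versioning to be enabled on the bucket.
# GOVERNANCE mode can be bypassed by principals holding s3:BypassGovernanceRetention;
# COMPLIANCE mode blocks deletion for every user, including the account root.
aws s3api put-object-lock-configuration \
  --bucket my-backup-bucket \
  --object-lock-configuration '{
    "ObjectLockEnabled": "Enabled",
    "Rule": {
      "DefaultRetention": {
        "Mode": "GOVERNANCE",
        "Days": 30
      }
    }
  }'
```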
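To confirm that a bucket really carries the lock described in this section, the JSON returned by `aws s3api get-object-lock-configuration` can be audited. This is an added example, not part of the original article; the sample responses are constructed, and the function name and the 30-day minimum are assumptions.

```python
import json

MIN_RETENTION_DAYS = 30  # assumption: policy minimum, taken from the 30-day example above

# Constructed sample responses in the shape returned by get-object-lock-configuration
GOVERNANCE_30D = ('{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", '
                  '"Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}}')
COMPLIANCE_7D = ('{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", '
                 '"Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 7}}}}')
COMPLIANCE_1Y = ('{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", '
                 '"Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}}')
NO_RULE = '{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}'


def audit_object_lock(response_json, min_days=MIN_RETENTION_DAYS):
    """Return a list of findings for one bucket's Object Lock configuration."""
    cfg = json.loads(response_json).get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return ["object lock not enabled"]
    retention = cfg.get("Rule", {}).get("DefaultRetention")
    if not retention:
        return ["no default retention rule: new objects are not locked automatically"]
    findings = []
    # A default retention rule carries either Days or Years
    days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
    if days < min_days:
        findings.append(f"retention {days}d is below the {min_days}d minimum")
    mode = retention.get("Mode")
    if mode != "COMPLIANCE":
        findings.append(f"{mode} mode: principals with s3:BypassGovernanceRetention "
                        "can still delete locked versions")
    return findings


if __name__ == "__main__":
    for name, sample in [("governance-30d", GOVERNANCE_30D), ("compliance-7d", COMPLIANCE_7D),
                         ("compliance-1y", COMPLIANCE_1Y), ("no-rule", NO_RULE)]:
        print(name, audit_object_lock(sample) or "OK")
```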
🧪 2. Automated Backup Verification and Recovery Testing
Having backups isn’t enough: you must prove they work. Cyber resilience platforms use automation to verify backup integrity and simulate full restores regularly.
🔧 Tools:
- Datto’s AutoVerify™
- Veeam SureBackup®
- Rubrik Live Mount™
```powershell
# Example: Veeam PowerShell for recovery test job
Add-VBRViSureBackupJob -Name "Weekly Verification" -VM "FinanceServer01" -ApplicationGroup "CoreAppsGroup"
```
🔁 3. Orchestrated Disaster Recovery (DRaaS)
This includes automated failover and recovery of systems, not just files—critical for restoring services fast.
🔧 Example: Datto IRIS or Zerto
- Predefine boot order (e.g., Active Directory > SQL > App)
- Auto-spin VM replicas in a cloud recovery site
- Use APIs to script orchestration flows
```yaml
# Sample boot orchestration order in YAML
boot_sequence:
  - name: "AD-Server"
    delay: 0
  - name: "SQL-Database"
    delay: 30
  - name: "ERP-App"
    delay: 60
```
🔒 4. Segmentation of Backup Systems (Air-Gap & Access Controls)
To prevent ransomware from spreading to backup systems:
✅ Best Practices:
- Store backups off-network (air-gapped or cloud-isolated)
- Use different admin credentials for production and backup systems
- Enable multi-factor authentication (MFA) on backup consoles
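```bash
# Linux: Mount backup volume as read-only
# Note: root can remount the volume read-write, so this guards against
# accidental writes rather than against an attacker with root on this host.
mount -o ro /dev/sdb1 /mnt/backup_ro
```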
🧠 5. Recovery Point Objective (RPO) & Recovery Time Objective (RTO) Strategy
Define and meet business-critical RPOs and RTOs for each service:
Application | RPO | RTO |
---|---|---|
ERP | 1 hour | 4 hours |
15 min | 1 hour | |
Web Server | 30 min | 2 hours |
Finance Database | 5 min | 30 min |
Use continuous data protection (CDP) where low RPOs are critical.
🔁 6. Continuous Monitoring & Early Warning
Use EDR/XDR and backup-integrated ransomware detection to catch early signs:
Tools:
- SentinelOne with Datto EDR connector
- Acronis Cyber Protect
- Veeam Ransomware Monitoring
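```bash
# Linux: audit file deletions and renames, tagged with a key for ransomware triage
# unlinkat/renameat/renameat2 are included because current tools call them instead of unlink/rename
auditctl -a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -S renameat2 -k ransomware_watch
```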
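The audit rule only records events; something still has to read them. The following added example (not from the original article) scans audit log lines carrying the `ransomware_watch` key and flags any process that deletes or renames files in a burst. The log lines are constructed, and the threshold of 20 events in 10 seconds is an assumption to tune per host.

```python
import re
from collections import defaultdict, deque

# Matches SYSCALL records written by the rule above (key="ransomware_watch")
REC = re.compile(r'type=SYSCALL msg=audit\((\d+\.\d+):\d+\):.*? pid=(\d+) '
                 r'.*?exe="([^"]+)".*key="ransomware_watch"')


def find_bursts(lines, threshold=20, window=10.0):
    """Return {pid: exe} for processes with >= threshold watched syscalls within `window` seconds."""
    recent = defaultdict(deque)   # pid -> timestamps still inside the sliding window
    flagged = {}
    for line in lines:
        m = REC.search(line)
        if not m:
            continue              # other record types or other audit keys
        ts, pid, exe = float(m.group(1)), int(m.group(2)), m.group(3)
        q = recent[pid]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[pid] = exe
    return flagged


def make_line(ts, seq, pid, exe, syscall):
    """Build one constructed audit record (82 = rename, 87 = unlink on x86_64)."""
    return (f'type=SYSCALL msg=audit({ts:.3f}:{seq}): arch=c000003e syscall={syscall} '
            f'success=yes exit=0 ppid=1 pid={pid} uid=0 comm="x" exe="{exe}" '
            f'key="ransomware_watch"')


# Constructed sample: one process renaming 40 files in 4 seconds, one rotating logs slowly
SAMPLE = ([make_line(1752800000 + i * 0.1, 100 + i, 4242, "/tmp/.cache/upd", 82) for i in range(40)]
          + [make_line(1752800000 + i * 30, 500 + i, 911, "/usr/sbin/logrotate", 87) for i in range(5)])

if __name__ == "__main__":
    for pid, exe in find_bursts(SAMPLE).items():
        print(f"ALERT pid={pid} exe={exe}: burst of delete/rename syscalls")
```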
💼 7. Executive-Level Reporting
Present IT resilience with dashboards and scorecards that show:
- Time of last verified restore
- Time to full system recovery
- Percentage of tested systems
- Immutable copy status
Example tools: Datto Partner Portal, Rubrik Polaris Radar, Veeam ONE
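A scorecard like this can be computed directly from backup and restore-test records. The following added example (not from the original article or any vendor tool) takes the RPO/RTO targets for the three named applications in the table from section 5 and produces the scorecard items listed above. The observation values, the fixed clock and the 30-day test freshness limit are constructed assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2025, 7, 18, 12, 0)   # fixed clock so the constructed sample is reproducible
TEST_MAX_AGE = timedelta(days=30)    # assumption: older restore tests count as untested

# rpo/rto (minutes) come from the table in section 5; the other fields are constructed
SYSTEMS = [
    {"name": "ERP", "rpo": 60, "rto": 240, "last_backup": NOW - timedelta(minutes=45),
     "last_verified_restore": NOW - timedelta(days=6), "restore_minutes": 190, "immutable": True},
    {"name": "Web Server", "rpo": 30, "rto": 120, "last_backup": NOW - timedelta(minutes=50),
     "last_verified_restore": NOW - timedelta(days=2), "restore_minutes": 95, "immutable": True},
    {"name": "Finance Database", "rpo": 5, "rto": 30, "last_backup": NOW - timedelta(minutes=4),
     "last_verified_restore": None, "restore_minutes": None, "immutable": False},
]


def scorecard(systems, now=NOW):
    """Return the percentage of recently tested systems and per-system issues."""
    rows, tested = [], 0
    for s in systems:
        issues = []
        if now - s["last_backup"] > timedelta(minutes=s["rpo"]):
            issues.append("RPO exceeded")            # newest backup is older than the target
        t = s["last_verified_restore"]
        if t is None or now - t > TEST_MAX_AGE:
            issues.append("no recent verified restore")
        else:
            tested += 1
            if s["restore_minutes"] > s["rto"]:
                issues.append("restore test slower than RTO")
        if not s["immutable"]:
            issues.append("no immutable copy")
        rows.append((s["name"], issues))
    return {"tested_pct": round(100 * tested / len(systems)), "rows": rows}


if __name__ == "__main__":
    card = scorecard(SYSTEMS)
    print(f"Tested systems: {card['tested_pct']}%")
    for name, issues in card["rows"]:
        print(f"{name:18} {', '.join(issues) or 'OK'}")
```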
📈 Outcome of Cyber Resilience Adoption
Without Cyber Resilience | With Cyber Resilience |
---|---|
Ransomware halts business | Services restored within hours |
Backups deleted/encrypted | Immutable backups verified |
No recovery plan in place | Playbook orchestrates steps |
Unknown RTO/RPOs | Metrics documented, tested |