Why IT Leaders Should Rethink Backups in the Age of Ransomware

As IT outages and disruptions escalate, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms allow inexperienced threat actors with little or no technical expertise to launch large-scale, harmful attacks. And these attacks no longer just encrypt your data. They exfiltrate sensitive information for double and triple extortion, modify or delete backups, and disable recovery infrastructure to block recovery efforts.

This is especially important for small and medium-sized businesses (SMBs), which are increasingly targeted because of their leaner defenses. For an SMB that generates $10 million in annual revenue, even a day’s downtime costs $55,076, and that figure does not include the long-term impact on customer trust and brand reputation. Add the pressure to meet compliance obligations, tightening regulations in sectors like finance and healthcare, and the evolving standards set by cyber insurance providers, and it is simply no longer enough to back up important data. Organizations need a cyber resilience strategy that helps them stay operational in the event of major disruptions.

Find out where traditional backup strategies fall short and how SMBs can build true cyber resilience and keep their business running when it matters most.

Why traditional backups are necessary but no longer sufficient

For years, backup strategies have followed a familiar playbook: regular snapshots of critical systems, defined recovery time objectives (RTOs) and recovery point objectives (RPOs), offsite replication, and occasional test restores. It’s a setup that has served many IT teams well. After all, if the lost files were restored in the end, why wouldn’t it work again?

However, here is the problem: that thinking is rooted in a time when disruptions were usually accidental, caused by a hardware failure, human error, or a software problem. It doesn’t account for today’s reality: targeted, persistent cyberattacks specifically designed to destroy your ability to recover.

Attackers regularly wipe or corrupt local backups, compromise administrator credentials to gain control of the backup system, and completely disable recovery infrastructure. Many use double and triple extortion tactics: they encrypt data, exfiltrate it, and threaten to leak it publicly. What’s worse, the risk doesn’t stop at your own perimeter.

Today, many ransomware campaigns target supply chains, disrupting multiple organizations at once. As an IT leader, it is essential to recognize the operational risks introduced by third-party vendors in the supply chain. Consider asking:

  • Do you plan to extend cyber resilience expectations to vendors and partners?
  • Do contractual clauses (such as healthcare hit lasts) actually give you confidence in their backup and disaster recovery preparations?

Frame the situation from the perspective of risk appetite. Ask the difficult questions:

  • Does the board accept scenarios where the backups are encrypted by ransomware?
  • Are we willing to accept a 3-day infrastructure rebuild just to restore from legacy backups?
  • Are we satisfied with a recovery that could take weeks and risks data loss because of an untested system?
  • Can we prove to our auditors and cyber insurers that we can restore operations within a documented window?

If the answer is “no” to any of these, it’s time to rethink our approach to business continuity and resilience.

What is Cyber Resilience?

Backups focus on copying data and restoring it later. Cyber resilience goes one step further: it keeps the business running even during an attack.

A cyber-resilient posture integrates:

  • Immutable backups stored offsite in the cloud. These backups cannot be modified or removed by ransomware, unlike local systems, which can be compromised if administrator credentials are compromised.
  • Automated, verified recovery tests that confirm systems can actually be restored under pressure. Untested backups are mere theory, not a plan.
  • Orchestrated recovery playbooks that rebuild not just files but entire services and applications. Solutions like Disaster Recovery as a Service (DRaaS) streamline this and enable faster, more reliable restoration of business services.

Figure 1: Why is cyber resilience important?

Consider the budget-versus-risk conversation before making a decision. Which costs the organization more: a week-long outage that stalls production, delays pay, and stops customer transactions, or investing in tools that prevent it completely?

Cyber resilience reduces both the likelihood of serious disruption and the impact it has when it occurs. Insurance may cover losses after the fact, but resilience ensures that your business can still operate while the threat unfolds.

How to build a resilience-first strategy to protect your business operations

To achieve cyber resilience, you need a framework that connects IT preparedness with business continuity. Here’s how IT leaders can begin to build a resilience-first posture that aligns with operational priorities and board-level expectations:

1. Start with a business impact lens

Start with a Business Impact Analysis (BIA) to map IT systems to the business functions they support. Not all systems carry the same weight, but enterprise resource planning (ERP), customer relationship management (CRM), e-commerce platforms, and scheduling systems can be mission-critical. Identify:

  • Which systems are essential for revenue and service delivery?
  • What is the financial and reputational cost of each hour of downtime?

This is not just about RTOs and RPOs. It’s about knowing which business services need to stay online to prevent cascading disruption.

2. Layer defenses around critical recovery infrastructure

Backup and recovery systems must be protected like production workloads.

  • Enforce multifactor authentication (MFA) and use individual administrator credentials for the backup console.
  • Choose a solution that allows early detection of ransomware activity within your backup environment.
  • Implement immutable backups and store them offsite in the cloud to mitigate risk from both ransomware and physical threats.
  • Monitor logs and alerts for abnormal behavior. Early visibility buys valuable time during a breach.

3. Automate backup verification and testing

Untested backups are not reliable. Your trust in your recovery plan should come from proof, not from assumptions. Automate validation to confirm that not only files but also full application-level services can be recovered.

Include:

  • Automatic backup tests to verify integrity.
  • Orchestrated disaster recovery (DR) runbook tests that simulate full recovery workflows.
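
One way to automate the integrity part of such a test, shown as an added example rather than code from the article or any vendor: a SHA-256 manifest is recorded at backup time and a test restore is checked against it and against the RTO. The function names, file names and the 4-hour RTO are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """SHA-256 digest of every file under root, keyed by relative path."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(restored: Path, manifest: dict, started: float, rto_seconds: float) -> dict:
    """Check a test restore against the backup-time manifest and the RTO."""
    actual = build_manifest(restored)
    missing = sorted(set(manifest) - set(actual))
    corrupted = sorted(k for k in manifest if k in actual and actual[k] != manifest[k])
    elapsed = time.monotonic() - started
    return {
        "missing": missing,
        "corrupted": corrupted,
        "unexpected": sorted(set(actual) - set(manifest)),
        "within_rto": elapsed <= rto_seconds,
        "passed": not missing and not corrupted and elapsed <= rto_seconds,
    }


def demo() -> dict:
    """Constructed scenario: one file restored altered, one not restored at all."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = Path(tmp, "source"), Path(tmp, "restored")
        (source / "db").mkdir(parents=True)
        (restored / "db").mkdir(parents=True)
        (source / "db" / "orders.csv").write_text("id,total\n1,40\n")
        (source / "db" / "users.csv").write_text("id,name\n1,ana\n")
        (source / "app.conf").write_text("mode=prod\n")
        manifest = build_manifest(source)  # taken when the backup is written

        started = time.monotonic()  # a real job starts the clock at restore kickoff
        (restored / "db" / "orders.csv").write_text("id,total\n1,40\n")
        (restored / "db" / "users.csv").write_text("altered contents\n")
        # app.conf is deliberately left out of the restore
        return verify_restore(restored, manifest, started, rto_seconds=4 * 3600)


if __name__ == "__main__":
    print(demo())
```

The manifest is only useful as evidence if it is stored where the backup administrator account cannot rewrite it, for example alongside the immutable copy.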

4. Develop and document recovery playbooks

Recovery strategies must be step-by-step, clear, and role-specific.

  • Define who restores what, and where.
  • Include guidance for reconnecting staff to the system and restarting operations.
  • Train non-technical teams to respond appropriately.

For example, if the retail POS goes down, how can the store team notify customers and process orders without compromising their trust? Don’t overlook crisis communication. Have clear internal and external messaging protocols for your PR and leadership teams. Silence and confusion create lasting damage.

Pro Tip: Prepare a board-level resilience scorecard

IT leaders need to be prepared to brief executives concisely on key metrics. Create a one-page resilience scorecard that includes:

  • Key system recovery time estimate.
  • Date of the last successful recovery test.
  • Test results and evidence of improvement.

This becomes a conversation starter with board members, compliance auditors and cyber insurers, turning technical preparation into strategic credibility.
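
A scorecard like this can be generated from the restore-test log instead of being assembled by hand. The following is an added example, not part of the original article: the log entries are constructed, and the RTO targets, the 90-day freshness threshold and all names are assumptions.

```python
from datetime import date

# Constructed restore-test log: (system, test date, succeeded, restore minutes)
TESTS = [
    ("ERP", date(2025, 1, 10), True, 200),
    ("ERP", date(2025, 5, 2), True, 170),
    ("CRM", date(2024, 11, 3), True, 95),
    ("CRM", date(2025, 4, 20), False, 0),
    ("POS", date(2025, 5, 28), True, 300),
]
# Assumed RTO targets in minutes, as a BIA might set them
RTO_MINUTES = {"ERP": 240, "CRM": 120, "POS": 60, "Scheduling": 480}


def scorecard(tests, rto_minutes, today, max_age_days=90):
    """One row per key system: last good test, measured time, trend, status."""
    rows = []
    for system, target in sorted(rto_minutes.items()):
        good = sorted((t for t in tests if t[0] == system and t[2]), key=lambda t: t[1])
        if not good:
            rows.append({"system": system, "rto_minutes": target, "status": "NEVER TESTED"})
            continue
        first, last = good[0], good[-1]
        if last[3] > target:
            status = "MISSES RTO"
        elif (today - last[1]).days > max_age_days:
            status = "STALE TEST"
        else:
            status = "OK"
        rows.append({
            "system": system,
            "rto_minutes": target,
            "last_success": last[1].isoformat(),
            "restore_minutes": last[3],
            "change_since_first_test": last[3] - first[3],
            "status": status,
        })
    return rows


if __name__ == "__main__":
    for row in scorecard(TESTS, RTO_MINUTES, today=date(2025, 6, 1)):
        print(row)
```

Systems that appear in the RTO table but never in the test log are reported explicitly, since an untested key system is the gap a board or insurer most needs to see.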

Insurance and Audit Preparation: Turn Resilience into ROI

Cyber resilience is an important lever in managing financial risk. Today’s insurance companies and auditors require clear evidence of preparation before providing coverage or approving a claim.

Expect questions like this:

  • Do you have immutable backups?
  • How often do you test restores?
  • Is the backup infrastructure segmented from production?
  • Are cloud systems independently backed up?
  • What are your actual RTOs and RPOs?

Figure 2: Example of a cyber insurance application questionnaire

Being able to show documented proof such as logs, test reports, coverage maps, and screenshots can help you reduce your premiums and ensure claims align with policy terms.

This is also a strategic conversation to have with the CFO: “Investing in resilience doesn’t just reduce risk, it protects your ability to recover financially and unlock the value of your insurance.”

How modern platforms like Datto power the resilience stack

Building a resilience-first posture doesn’t have to mean stitching together multiple tools. Datto offers a unified platform that simplifies the complexity of resilience while strengthening the overall cybersecurity posture.

With Datto, your team gains:

  • A single platform for managing local, cloud, and immutable backups, reducing tool sprawl and improving operational efficiency.
  • Automated backup verification and coordinated recovery playbook ensure that all critical systems are testable and recoverable.
  • Clear, audit-ready reporting that demonstrates compliance to the board of directors, regulators and insurance companies, without manual effort or scrambling during an incident.

The end result is less vendor management, greater confidence in recovery preparation, and full transparency when it’s time to report your resilience posture to executive stakeholders.

Rethinking backups as a core layer of resilience

Cyber resilience is no longer just a technical initiative. It is a critical business strategy that ensures your organization keeps functioning while under attack. Now is the time to assess your resilience posture. Identify gaps in immutability, testing and documented recovery. Know where you stand before a disruption tests it for you.

If you’re not sure where to start, Datto can help. With Datto, cyber resilience is more than just achievable. It is simplified, scalable, and built to provide clear operational and economic value.

Get pricing details for your environment and take your first step towards a resilient future.
