Cyber Security

How do we pivot from ransomware prevention to a strategy focused on cyber resilience?

KE Asked by Kevin Lewis · 05-01-2024
0 upvotes 15,665 views 0 comments
The question

It seems that no matter how much we spend on EDR and firewalls, attackers still find a way in. I want to focus more on resilience—the ability to recover quickly after an inevitable breach. What are the best practices for immutable backups and rapid incident response in 2025? Specifically, how do you handle "triple extortion" where they threaten to leak data and launch DDoS attacks simultaneously? 

3 answers

0
NA
Answered on 07-01-2024

Resilience is about "Mean Time to Recover" (MTTR). You need to implement the 3-2-1-1 backup rule: 3 copies, 2 different media, 1 offsite, and 1 immutable/offline. Immutable backups are critical because modern ransomware actively targets your backup servers first. For triple extortion, you need a robust PR and legal plan ready. Don't just focus on the tech; focus on the business process. Conduct regular "Tabletop Exercises" involving your legal, HR, and PR teams, not just IT. This ensures that when an attack happens, everyone knows their role and you can avoid the panic that leads to paying the ransom. 

0
WI
Answered on 10-01-2024

How are you testing the integrity of your "immutable" backups to ensure the ransomware didn't sit dormant in your files for months before encrypting?

J 12-01-2024

William, that's why "Clean Room" recovery is trending. You need a sandbox environment where you can restore and scan your backups for indicators of compromise (IOCs) before putting them back into production. Automated integrity checks and "honeypot files" inside your backups can also alert you if a dormant script tries to modify data before the actual encryption phase begins.

0
MA
Answered on 15-01-2024

Network segmentation is still your best defense against lateral movement. If they get into a workstation, they shouldn't be able to reach your production database. 

NA 16-01-2024

Mary is 100% correct. If you treat every segment as a separate "blast cell," you can contain the infection and keep the rest of the business running while you clean up the affected area. It’s the difference between a minor incident and a company-wide catastrophe.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

World globe icon Country: Canada

Book Free Session