Recovery isn’t just about getting systems back online; it’s about proving that IT operations are essential to business continuity. Veeam’s Leah Troscianecki sat down with Ray Umerley, Field CISO, Coveware by Veeam, for a tactical conversation about what actually happens when ransomware hits, and how clean recovery can turn the tide from operational fire drills to strategic foresight.
Q1: Can you give us a quick introduction to Coveware and Ray’s background?
Leah: Coveware specializes in extortion-focused incident response, helping organizations prepare for and recover from ransomware and other cybersecurity incidents. Ray Umerley is a two-time ransomware survivor, CISSP-certified, and holds a Master’s in computer information systems. He brings over 20 years of experience to the table.
Ray: My focus is on helping organizations build resilience, not just through technology, but also by strengthening people and processes. Preparation is critical.
Q2: What’s the secret to a successful recovery after a ransomware or cyber incident?
Ray: It comes down to three elements: People, process, and technology. While the technical aspects of backup and restoration are crucial, the organizations that recover best are those that have established clear roles, developed solid processes, and practiced their response through regular exercises. Preparation and muscle memory are everything.
Leah: Practice matters. Disaster recovery (DR) plans need to be tested and refined regularly, not just reviewed once a year.
Q3: How often should organizations conduct DR exercises?
Ray: A full-scale, organization-wide tabletop exercise should happen at least once a year. But don’t stop there! Use every incident, from small outages to larger disruptions, as a learning opportunity. Smaller, targeted exercises with individual teams should also happen more frequently.
Q4: Who needs to be involved in DR and crisis exercises?
Ray: It’s not just about IT. Effective recovery brings together crisis management, incident response, and business continuity/disaster recovery (BCDR) teams too. Communication, both internal and external, is also essential in ensuring consistent messaging about an incident and helps to shield technical teams from distractions.
Q5: What are the most common pitfalls in crisis communications during an incident?
Leah: Delayed or inconsistent updates, unclear roles, and uncertainty about who communicates what. Not knowing how to balance transparency with stakeholder requirements is a frequent challenge, and getting crisis communications right is key to maintaining trust during an incident.
Q6: Can you share real-world lessons about clean recovery?
Ray: A major lesson is that you can’t start recovery until you’ve contained and eradicated the threat. For example, in a recent high-profile attack, an organization tried to restore their systems too soon and was hit with a second round of encryption. The financial and reputational costs were enormous.
Leah: Another case involved a company that had backups, but not the right kind. Manual recovery took months and cost millions. The lesson is that backups are only useful if they’re clean, validated, and accessible.
Q7: Why is “clean recovery” so important for business resilience?
Leah: Backup is only half the story. If you can’t verify your last known good restore point, you can’t trust your recovery. Attackers are getting more sophisticated, and sometimes even your backups are targeted. Regular testing and validation are essential.
Ray: Coveware data shows that two-thirds of victims who pay ransoms do so because their backups failed or were compromised. Don’t assume your backups will work; test them!
Q8: What technical controls support clean recovery?
Leah: The best practices include immutable backups, regular recovery testing (e.g., tabletops and live drills), having isolated or air-gapped backup storage, verifying last known good copies, and establishing a clear chain of custody for data restoration.
Ray: Involve your internal audit and compliance teams to ensure your data integrity and regulatory requirements are met.
Q9: Is there positive news? Can organizations get this right?
Leah: Absolutely. We’ve seen organizations move from partial to nearly complete data protection coverage by adopting best practices and investing in robust tools like Veeam Vault for immutable storage. Recovery times have dropped from days to minutes in some cases.
Ray: More CISOs and leadership teams are making DR a strategic priority and integrating it into their overall security posture.
Q10: How can organizations measure and improve their resilience?
Leah: Use a data resilience maturity model! Our research shows a gap between perceived and actual readiness. Key steps include breaking down silos, developing meaningful KPIs, and prioritizing improvements that have the biggest impact.
Ray: Maturity is a journey. Regular reassessment and continuous improvement are essential to stay ahead of evolving threats.
Q11: Final thoughts?
Leah: Clean recovery isn’t just a technical requirement; it’s a strategic priority that demands cross-functional commitment and ongoing investment. Use these points to advocate for regular practice and the right resources in your organization.
Ray: Preparation and muscle memory will determine your success in a crisis. Make clean recovery part of your culture!
Need help assessing your data resilience or making the business case for clean recovery? Reach out to the Veeam Team or explore more resources at veeam.com.
The post Clean Recovery and Business Continuity: Expert Insights from Veeam and Coveware appeared first on Veeam Software Official Blog.
from Veeam Software Official Blog https://ift.tt/uT30Uzk
Share this content: