Recovery redundant?
Yet another case in my experience where recovery is weeks/months.
Ransomware attacks are expected. No-one can be sure of thwarting every attack. Recovery from a complete network compromise must surely be part of any professional planning nowadays. The plan will have timeframes. Is anyone actually signing off any that don't have something like 48 hours to core re-functioning? A day to flush or replace existing systems - and another day to bring back core data?
Yet so many times it isn't happening. Some may be explainable because something outside of the expected happens. But not all. I suspect that having redundant hardware/people/licences and practising live recovery is a price many bean counters may pay lip service but when it comes to shove - today's emergency trumps next week's risk when it comes to budget.
And it's going to be expensive if you need to retain existing kit for postmortem examination, which implies you need to bring up a parallel system. Redundancy big time.