26 February 2025

Closing Your Cyber Resilience Gap: A Collaborative Approach

Introduction

Today, cyber threats are sophisticated, they are evolving and they are relentless. While traditional cybersecurity measures focus on preventing attacks, the inevitability of a data breach necessitates a robust cyber resilience strategy. This approach emphasises not only prevention, but also the ability to respond to, recover from, and learn from cyber incidents. Achieving true cyber resilience requires a collaborative effort across various departments, particularly between storage and security teams.

The Shift from Cybersecurity to Cyber Resilience

Historically, organisations have concentrated on building their defences to prevent cyber breaches. However, recent trends and regulatory requirements underscore the importance of accepting that breaches will occur and preparing accordingly. This shift moves organisations from a purely preventive stance to one that also prioritises response and recovery.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework exemplifies this approach. The framework outlines five core functions:

1. Identify: Understand and manage cybersecurity risks.

2. Protect: Implement safeguards to ensure service continuity.

3. Detect: Develop activities to identify cybersecurity events.

4. Respond: Take action regarding detected cybersecurity incidents.

5. Recover: Maintain plans for resilience and restore impaired capabilities.

NIST Cybersecurity Framework diagram illustrating Identify, Protect, Detect, Respond, and Recover actions.

Traditionally, organisations have focused heavily on the first three functions. However, the increasing complexity of cyber threats and regulatory mandates necessitate a stronger emphasis on the Respond and Recover functions—a shift known as ‘shifting to the right.’

The Cyber Resilience Gap

Cybersecurity teams meticulously monitor metrics including patch rates, incidents raised, and mean time to fix. Meanwhile, IT operations and storage teams prioritise system availability and downtime reduction. Yet, few firms rigorously track recovery metrics, creating a cyber resilience gap.

Predatar’s data reveals that organisations recover less than 1% of their data annually, and 1 in 14 backup recoveries is compromised. This stark reality highlights the gap between firms’ cybersecurity measures and their actual ability to recover from cyber incidents.

Barriers to Closing the Cyber Resilience Gap

Security officers and organisations may not conduct extensive data storage recovery testing due to:

1. Resource Constraints: Recovery testing requires time, manpower, and budget, which may be deprioritised.

2. Perceived Low Risk: Many organisations assume their backup processes are sufficient without rigorous testing.

3. Complexity: Recovery testing is intricate and requires simulated disaster scenarios.

4. Responsibility Challenges: Coordination between IT, security, and management can be difficult, hindering testing efforts.

Whose Role is Cyber Resilience?

Cyber resilience is a team effort, requiring coordination across departments. Here’s how different roles contribute:

| Role | Responsibility |
| --- | --- |
| CISO | Oversees cybersecurity strategy and ensures response plans are in place. |
| IT Security Team | Develops technical recovery strategies and validates system integrity. |
| Storage & IT Operations | Manages backup systems, ensures redundancy, and restores data. |
| Incident Response Team | Coordinates containment and investigation efforts post-breach. |
| Legal & Compliance | Ensures regulatory alignment and manages compliance issues. |
| Communications & PR | Handles external communication in case of breaches. |

Closing the Gap: A Cyber Resilience Framework

To enhance cyber resilience, organisations should focus on two key areas: Recovery Speed and Data Integrity.

1. Recovery Speed

Prioritisation

Organisations should identify the critical business systems that make up their Minimum Viable Business, those essential for operational continuity. Recovery Assurance software can automate recoveries based on prioritisation and reduce resource waste.

Early Detection

Security teams should integrate data storage systems into Security Orchestration, Automation, and Response (SOAR) systems to improve recovery speed. AI-powered metadata analysis and storage scanning enhance threat detection.

Example: IBM FlashSystem In-line Threat Detection observes data behaviour and alerts administrators about ransomware threats.

Storage Methods

Storage speed affects recovery time. Below is a breakdown of typical recovery times per 1TB of data:

| Storage Medium | Estimated Recovery Time |
| --- | --- |
| Storage Class Memory (SCM) | ~7 min |
| Solid State Drives (SSD) | ~17 min |
| Nearline SAS Drive Array | ~35 min |
| Object Storage (1Gb connection) | ~1 hr 30 min |
| LTO9 Tape Drive | ~30 min – 4 hrs (Data Dependent) |
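The per-terabyte figures above become useful once they are combined with restore priority and a recovery time objective. The following is an added example, not Predatar's code: the system names, sizes and RTOs are constructed, and it assumes a single restore stream working through systems in priority order.

```python
from dataclasses import dataclass

# Minutes to restore 1 TB as (best, worst), copied from the table above.
# Only tape is quoted as a range there; every other tier has one estimate.
MINUTES_PER_TB = {
    "scm": (7, 7),
    "ssd": (17, 17),
    "nearline_sas": (35, 35),
    "object_1gb": (90, 90),
    "lto9_tape": (30, 240),
}


@dataclass(frozen=True)
class System:
    name: str
    priority: int     # 1 = first to restore (Minimum Viable Business)
    size_tb: float
    medium: str       # key into MINUTES_PER_TB
    rto_minutes: int  # recovery time objective, from the start of recovery


def plan_recovery(systems):
    """Restore systems one after another in priority order (assumption:
    a single restore stream) and report when each one is back."""
    best_clock = worst_clock = 0.0
    plan = []
    for s in sorted(systems, key=lambda s: s.priority):
        if s.medium not in MINUTES_PER_TB:
            raise ValueError(f"{s.name}: no estimate for medium {s.medium!r}")
        best_rate, worst_rate = MINUTES_PER_TB[s.medium]
        best_clock += s.size_tb * best_rate
        worst_clock += s.size_tb * worst_rate
        plan.append({
            "name": s.name,
            "done_best": best_clock,
            "done_worst": worst_clock,
            # Judge against the worst case: an RTO met only on a good day
            # is not met.
            "meets_rto": worst_clock <= s.rto_minutes,
        })
    return plan


def rto_misses(systems):
    """Names of systems whose worst-case completion time exceeds their RTO."""
    return [r["name"] for r in plan_recovery(systems) if not r["meets_rto"]]


# Constructed sample inventory; names, sizes and RTOs are illustrative only.
SAMPLE = [
    System("erp", 3, 4, "object_1gb", 240),
    System("pos-db", 1, 2, "ssd", 60),
    System("archive", 4, 1, "lto9_tape", 1440),
    System("order-api", 2, 1, "nearline_sas", 120),
]

if __name__ == "__main__":
    for row in plan_recovery(SAMPLE):
        status = "ok" if row["meets_rto"] else "MISSES RTO"
        print(f'{row["name"]:<10} back after '
              f'{row["done_best"]:.0f}-{row["done_worst"]:.0f} min  {status}')
```

In the sample, the 4 TB system on object storage misses its RTO even though everything ahead of it restores quickly; placing it on SSD brings it back inside the objective.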

A cyber resilience strategy must include both primary and secondary storage solutions, as:

  • Primary storage snapshots don’t cover all workloads.
  • Secondary backups allow granular recovery (VM, folder, file level).
  • Offline secondary backups provide air-gapped protection against ransomware.

2. Data Integrity

Storage Architecture Design

A resilient storage architecture follows five key principles:

1. Data Encryption: Protects data from unauthorised access, reducing its value to attackers.

2. Access Controls: Enforce MFA, quorum approvals, and complex passwords.

3. Three Plus Copies: Follow the 3-2-1-1-0 rule: three copies, two media types, one off-site copy, one offline, and zero errors.

4. Immutability: Prevents data tampering but requires proper implementation.

5. Air-Gap Solutions: Isolate critical data from the network to prevent malware spread.
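The 3-2-1-1-0 rule in principle 3 can be checked mechanically against a backup inventory. The following is an added example, not Predatar's code: the inventory, site names and field names are constructed, the inventory is assumed to list every copy of a system including production, and a copy that has never been recovery-tested is treated as failing the zero-errors part.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class BackupCopy:
    site: str                   # where the copy physically lives
    medium: str                 # e.g. "disk", "object", "tape"
    offline: bool               # True if unreachable over the network
    test_errors: Optional[int]  # errors in last recovery test; None = untested


def check_32110(copies, primary_site):
    """Evaluate one system's copies against each part of the 3-2-1-1-0 rule."""
    return {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.medium for c in copies}) >= 2,
        "1 off-site": any(c.site != primary_site for c in copies),
        "1 offline": any(c.offline for c in copies),
        # Assumption: an untested copy (None) cannot claim zero errors.
        "0 errors": bool(copies) and all(c.test_errors == 0 for c in copies),
    }


def audit(inventory, primary_site):
    """Return {system: [failed rule parts]} for every system that falls short."""
    report = {}
    for system, copies in inventory.items():
        results = check_32110(copies, primary_site)
        failed = [rule for rule, ok in results.items() if not ok]
        if failed:
            report[system] = failed
    return report


# Constructed inventory; systems, sites and results are illustrative only.
INVENTORY = {
    "pos-db": [
        BackupCopy("dc1", "disk", False, 0),
        BackupCopy("dc2", "object", False, 0),
        BackupCopy("vault", "tape", True, 0),
    ],
    "erp": [  # three copies, but all online and one never tested
        BackupCopy("dc1", "disk", False, 0),
        BackupCopy("dc1", "disk", False, 0),
        BackupCopy("dc2", "object", False, None),
    ],
    "file-share": [  # local snapshots only: one site, one medium
        BackupCopy("dc1", "disk", False, 0),
        BackupCopy("dc1", "disk", False, 2),
    ],
}

if __name__ == "__main__":
    for system, failed in audit(INVENTORY, primary_site="dc1").items():
        print(f"{system}: fails {', '.join(failed)}")
```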

Recovery Planning & Testing

Recovery plans should be frequently tested. New Recovery Assurance technologies including Cyber Recovery Cleanrooms with AI and automation built-in are making this achievable at scale. These solutions provide:

  • Randomised Testing – Periodically tests a subset of systems.
  • Scheduled Testing – Ensures all systems undergo recovery trials.
  • Event-Based Testing – Triggers tests based on security alerts or anomaly detection.

To further ensure data integrity, storage volumes should be scanned for malware during recovery.

Reporting for Continuous Improvement

Cyber resilience is an ongoing effort. Organisations should track key metrics beyond just backup success rates, including:

  • Recovery Time Objectives (RTOs) & Recovery Point Objectives (RPOs)
  • Cyber Incident Metrics (frequency, severity, response time)
  • Downtime & Service Availability Reports
  • Cyber Resilience Index – A custom benchmark tracking overall recovery capabilities.

5 Questions to Ask Your Data Storage Manager

1. How are encryption and access controls managed?

2. What is our recovery testing frequency?

3. Are backups segregated and protected against cross-contamination?

4. Do we have an offline or air-gapped backup solution?

5. Can we measure our cyber resilience effectively?

Conclusion

Cyber resilience is not just an IT problem—it’s a business imperative. Organisations must bridge the cyber resilience gap by:

  • Shifting focus from cybersecurity to cyber resilience.
  • Encouraging collaboration between security and storage teams.
  • Implementing faster, more secure recovery solutions.
  • Regularly testing backup and recovery plans.
  • Leveraging AI and automation to improve detection and response.

By adopting these strategies, organisations can not only survive cyberattacks but emerge stronger and more resilient in the face of evolving threats.

How can Predatar help?

Predatar’s Recovery Assurance platform uses AI and Automation to make data resilience achievable. Discover how…

Learn more about
Predatar recovery assurance

20 February 2025

Is the Tide Turning on Ransomware Gangs?

According to a recent study, ransomware payments have dropped by over a third as more victim organisations refuse to pay up. In this short article we dig deeper into the story. We ask: what’s driving the trend? And explore how organisations, like yours, can be ready to say “No” to extortion.

The study, published earlier this month by US-based blockchain analysis firm Chainalysis, highlights a significant drop in total reported ransomware payments from $1.25 billion (USD) in 2023, down to $813 million (USD) in 2024 – that’s a drop of 35%. The statistic is uncommon in the sense that, overwhelmingly, studies into cybercrime tend to tell a negative story, where attacks are on the rise and the criminals are on the front foot.

Is ransomware as an attack strategy in decline?

Sure, ransom payments are down, which means less money flowing into the bank accounts of criminal gangs. This, in turn, will diminish the incentive for the attackers, and ultimately could lead to a reduction in the prevalence of ransomware attacks – but, there is no sign of that yet. It’s worth noting that while ransom payments fell last year, the number of ransom demands actually increased. This tells us that criminal gangs are continuing to succeed in breaching defences and locking down networks.

If perimeter cybersecurity measures aren’t stopping more ransomware, then what’s changed? Why are more ‘victim’ organisations choosing to take on the complex and often risky task of recovering their systems over paying to have them unlocked?

Choosing Recovery Over Ransom

In an ideal world, no organisation would pay a ransom demand. While the number that do pay is falling, Coveware’s quarterly ransomware report shows that in 25% of cases in Q4 2024, demands were paid with an average payment cost of over $550,000 (USD).

So, what are the considerations to weigh up when deciding whether to pay up? And what’s changed that is shifting the needle?

The moral question:
The moral question is, should your organisation fund criminal activity? Of course this sounds like a no-brainer, but rather than being a binary choice, it’s actually more nuanced. Really, it’s about balancing the ethical position of your organisation against the negative (and potentially devastating) impacts that not paying the ransom will have on your employees, your customers, and your supply chain.

The legal question:
The question here is, is it illegal to pay the ransom? While there is no universal legal position on payment of extortion demands associated with ransomware, many governments around the world have put measures in place to prohibit, limit, and discourage payment. So, in some circumstances, paying the ransom is actually illegal.

As an example, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has prohibited payments to certain sanctioned organisations, including some known ransomware groups.

When it comes to similar legal sanctions, the direction of travel is clear. The European Union and 48 individual countries have signed up to the International Counter Ransomware Initiative, which states that government authorities should not pay ransomware extortion demands.

Meanwhile, the UK government has declared that a ban on ransom payments by public sector entities including schools, the National Health Service (NHS), and local councils is under consideration.

There is no doubt that these measures at a governmental level are contributing to the decrease in ransom demand payments. Essentially, in some scenarios they remove the option of payment entirely.

The confidence question:
Fundamentally, choosing to pay an extortion demand, or not, is about calculating risk. The question is, how confident are you that your business can recover its IT systems quickly and completely, without the risk of re-infection?

Over the last 3 years many organisations have shifted from a cybersecurity strategy to a more holistic cyber resiliency strategy – putting processes and technology in place to ensure that if the worst happens, they are ready to mount a rapid and robust recovery.

We believe this has been the biggest contributing factor to the decrease in ransom demand payments. When an organisation is confident in its own ability to recover, the criminals’ leverage is removed.

Achieving Recovery Confidence

Saying ‘No’ to a ransomware extortion demand is a bold move, and if you lack certainty in your ability to recover, it could be a disastrous one. That’s where Recovery Assurance technology comes into play.

The Recovery Assurance Buyer’s Guide is a useful resource to help you understand the different technologies in this emerging marketplace and guide you towards the right ones to make your organisation ‘recovery confident.’

Predatar, for example, is designed to prove that your backups and snapshots are recoverable and infection-free – before a crisis hits. Thanks to AI and automation, you can validate your recovery plans daily, and continually check that your storage hasn’t been compromised.

In conclusion

Early signs indicate that the ransomware tide may be turning, but organisations can’t be complacent. The risks are still very real, particularly for organisations that don’t have robust cyber resiliency practices in place. By shifting from a cyber security approach to a more holistic cyber resiliency one, and investing in the right technologies, organisations can build recovery confidence and say “No” to extortion demands.


13 February 2025

The Minimum Viable Business: Because ‘Hope’ is Not a Business Strategy.

You’ve likely heard the term “Minimum Viable Product” – a concept popular in the tech startup world. But in the established enterprise, a more critical concept has emerged: the Minimum Viable Business (MVB).

This isn’t just a buzzword; it’s an important principle for ensuring operational resilience, especially in today’s unpredictable business landscape.

What Does Minimum Viable Business Actually Mean?

The term Minimum Viable Business refers to the smallest version of a business that can sustain day-to-day operations. Imagine every system and process, in every department, in your business was shut down tomorrow… which ones would need to start up again before you could ‘do business’?

For a manufacturer, production lines and supply chain operations would likely be considered amongst the most essential functions. In retail, Point of Sale transactions would be a top priority.

Think about what is absolutely essential in your organisation to ‘keep the lights on’ and you’ll begin to get an idea of your MVB.


Why is the concept of Minimum Viable Business gaining traction?

Understanding your MVB has several strategic benefits, including helping to prioritise investment, and improving operational efficiencies – but it’s not these benefits that are driving the dramatic uptick in interest and adoption of the concept.

The driving force is cyber crime.

Minimum Viable Business and Cyber Crime?

Many businesses don’t need to imagine what it would be like if their whole business was shut down without warning. Cyber crime has made it a very real (and relatively likely) occurrence.

According to IBM’s most recent Cost of a Data Breach Report, 75% of businesses that had experienced an attack took more than 100 days to fully recover. Less than 3% recovered in under 50 days.

The same study reports that the average cost of a cyber attack to a business is now a massive $4.88 million (USD).

By defining their MVB, businesses can be better prepared for a cyber crisis. They can prioritise the recovery of the IT systems that support their most critical systems – and importantly put their plans to the test. The goal is to significantly reduce disruption and costly business downtime, by getting core operations up and running as fast as possible.

Regulatory Compliance and The Minimum Viable Business

It’s often the case – particularly in large organisations – that regulatory compliance trumps good-practice when it comes to priorities. Put another way, businesses often do what they have to do (compliance), rather than what they should do (good-practice).

When it comes to the rapidly increasing interest and adoption of the concept of the MVB, there is no doubt that it’s regulations that have been the catalyst. But in this instance, compliance and good-practice go hand-in-hand.

A raft of regulatory frameworks are coming into force around the world with an emphasis on operational resilience – DORA, HIPAA, FISMA and PRA to name a few. While none of them specifically use the term Minimum Viable Business, there is a common requirement for organisations to demonstrate a robust understanding of their critical operations and demonstrate they have measures in place to ensure they are resilient.

Validating MVB Resilience: Beyond Traditional Approaches


Assuring the recoverability of your most critical IT systems is now a necessity, but traditional approaches, such as tabletop exercises and manual disaster recovery drills, often feel like trying to hit a moving target. Not only are these methods time-consuming and resource-intensive, but they represent a point in time. They don’t accurately reflect the ever-changing state of your data or the rapidly evolving threat landscape.

Today, a more proactive, data-driven approach to validating your most critical data and IT systems is needed. Automation and AI have a big role to play. They offer:

  • Enhanced Speed and Efficiency: Automated testing accelerates the validation process, allowing organisations to quickly identify and address vulnerabilities before they can be exploited. For example, a retail business can automate tests for its order fulfilment systems, ensuring that critical order processing functions can be restored quickly in the event of a system failure.

  • Proactive Threat Detection: Continuous monitoring allows for identification and response to threats, minimising downtime and accelerating recovery.

  • Uncovering Hidden Vulnerabilities: Automated malware scanning plays a crucial role in identifying and neutralising malicious software that could take down your MVB. For the retail business, this would include regular scans of all systems and devices connected to their network to detect and remove any malware that could compromise customer data, disrupt online sales, or interfere with supply chain operations.

Predatar and Your Minimum Viable Business

Predatar has been designed specifically to validate that backups and snapshots are recoverable and virus free. Many Predatar customers use Predatar’s automation rules and priority node groups to continually validate their MVB systems.

Thanks to Predatar, a national utilities operator is able to validate the recoverability and cleanliness of their most important backups 24/7. For this organisation, system downtime would mean that millions of customers would be without essential utilities. You can read the case study here.

If you’re not familiar with Predatar Recovery Assurance this short video will give you an overview in less than 2 minutes.

Conclusion

In today’s threat-driven environment, organisations must embrace a proactive and dynamic approach to MVB validation. By leveraging automated testing, continuous monitoring, and advanced malware scanning capabilities, organisations can significantly enhance their resilience, minimise downtime, and ensure business continuity in the face of unforeseen challenges. This proactive approach not only protects the bottom line but also strengthens customer trust and solidifies a competitive advantage in the marketplace.


05 February 2025

A Decade of Innovation and Excellence in Cybersecurity

POCABAR’s journey began unexpectedly in 2014, sparked by a phone call. Wolfgang Mair, a seasoned IT professional, was approached by an old client with an urgent infrastructure issue. After resolving the problem, Wolfgang woke the next day inspired, registering ‘POCABAR’ as the company’s name. There was no initial master plan—just the resolve to deliver excellent service. However, as the business matured, a structured focus on cybersecurity and enterprise infrastructure emerged, shaping POCABAR’s unique identity.

Building a Foundation for Success

For the first two years, POCABAR thrived on organic growth, getting the “right people on the bus” and fostering a work culture rooted in collaboration and enjoyment. “Once the ship is moving,” Wolfgang says, “steering it becomes much easier.” This philosophy of adaptability and fun has been central to the company’s evolution. Starting with its core expertise in enterprise infrastructure, POCABAR developed an innovative cybersecurity strategy from the ground up.

Leading Through Innovation: The SADDI Service

One of POCABAR’s standout innovations is its SADDI Cyber Resilience Service, featuring a mobile recovery solution. This service, initially a ‘ruggedized’ rack-mounted mobile data center, allowed clients to recover operations quickly, even in remote areas. Over time, this evolved into a cloud recovery solution offering enhanced accessibility and separation of duties. These advancements ensure clients can recover securely and efficiently, particularly in today’s regulated environment shaped by frameworks like DORA and NIS2.

The adoption of automation has further cemented POCABAR’s leadership. Tools like Predatar Recovery Assurance enable POCABAR to scale its services while maintaining operational efficiency. Automated testing and validation processes have allowed the company to deliver value to clients without significantly increasing operational overhead.

A Commitment to Quality

POCABAR’s success is driven by an unwavering commitment to quality—a principle deeply rooted in its German heritage. Wolfgang emphasizes quality in every aspect of the business, from hiring practices to customer relationships. The company’s hiring process ensures cultural fit and excellence, fostering a team dynamic akin to a family. Many team members have worked together for decades, contributing to a cohesive and highly productive environment.

When it comes to customers, POCABAR prioritises those who align with its values and vision. Wolfgang describes the selection process as finding the right fit for a long-term partnership, where mutual compatibility and shared goals are essential. Clients unwilling to adopt POCABAR’s rigorously tested, single-source technology solutions are politely declined, ensuring that the company maintains its commitment to quality and seamless service. This approach fosters strong, collaborative relationships that deliver exceptional outcomes for both parties. Wolfgang cited an example where a customer wanted a particular brand of firewall to customise the SADDI service, a request which was declined. POCABAR’s approach is the antithesis to that of the more common reseller type business.

Looking Ahead: Talent and International Expansion

As POCABAR embarks on its next decade, Wolfgang is focused on maintaining the company’s high standards. By partnering with local universities, POCABAR nurtures young talent through apprenticeships, ensuring the next generation upholds the company’s values and innovation.

International expansion is the next frontier. Following initial success in the Gulf states, POCABAR aims to replicate its model globally, bringing its unique blend of innovation and quality to new markets. The company’s branding—evoking the Bavarian Alps and mountaineering—reflects its ethos: encouraging the team to step out of their comfort zones and strive for the next challenge.

POCABAR and Predatar

POCABAR’s relationship with Predatar goes much deeper than a typical customer/supplier arrangement. POCABAR has been selected as one of Predatar’s APEX partners, an elite group of service providers around the world with the capabilities and ambition to deliver world-leading cyber resiliency services with Predatar tech under the hood. Predatar CEO Alistair Mackenzie explained, “There was never any doubt that POCABAR has what it takes to be one of our elite partners. Not only do they have the skills and the vision, but we love their culture and energy too.”

Conclusion

POCABAR’s journey from accidental beginnings to a trailblazer in cybersecurity exemplifies the power of adaptability, innovation, and commitment to excellence. With tools like Predatar enabling operational efficiency and a focus on talent and international growth, POCABAR is poised to scale new heights over the next decade.

Discover how to get in touch with POCABAR or find a Predatar APEX Partner near you.
