{"id":62036,"date":"2022-06-14T14:14:00","date_gmt":"2022-06-14T14:14:00","guid":{"rendered":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery"},"modified":"2023-11-30T12:25:19","modified_gmt":"2023-11-30T17:25:19","slug":"cyber-recovery-and-disaster-recovery","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery","title":{"rendered":"Cyber Recovery and Disaster Recovery &#8211;  Are They One and the Same?\u00a0"},"content":{"rendered":"\n<p class=\"\">How are you protecting your data from a ransomware attack or natural disaster? What is your recovery plan? Is your disaster recovery plan the same as your cyber recovery plan? The steps you take to protect your data might be the same, but your recovery efforts may vary. Both types of disasters could be devastating to your business, but what\u2019s critical is recovery. The average cost of downtime for large enterprises is more than $11,600 per minute,<sup>1<\/sup> and 40-60% of small businesses won\u2019t reopen after data loss.<sup>2<\/sup> So, the way you think about recovery matters.&nbsp;<\/p>\n\n\n\n<ul class=\"is-style-check-list-small wp-block-list\">\n<li class=\"\"><em><a href=\"#cyber\">What is a Cyberattack<\/a>\/ <a href=\"#natural\">Natural Disaster<\/a>\/ <a href=\"#disaster\">Disaster Recovery<\/a>\/ <a href=\"#cyberrecovery\">Cyber Recovery<\/a>?<\/em>&nbsp;<\/li>\n\n\n\n<li class=\"\"><em><a href=\"#cdrecovery\">How do Cyber Recovery and Disaster Recovery Differ<\/a>?<\/em>&nbsp;<\/li>\n\n\n\n<li class=\"\"><a href=\"#incident\"><em>What is an Incident Response Plan<\/em>&nbsp;<\/a><\/li>\n\n\n\n<li class=\"\"><a href=\"#types\"><em>What Are the Types of Cyberattacks<\/em><\/a><em>?<\/em>&nbsp;<\/li>\n\n\n\n<li class=\"\"><em><a href=\"#ransomware\">How does Ransomware Spread<\/a><\/em>&nbsp;<\/li>\n\n\n\n<li class=\"\"><em><a href=\"#fights\">How Commvault Fights Ransomware<\/a><\/em>&nbsp;<\/li>\n\n\n\n<li class=\"\"><a href=\"#measures\"><em>Ransomware Security Measures<\/em><\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cyber\"><strong>What is a Cyberattack?<\/strong>&nbsp;<\/h3>\n\n\n\n<p class=\"\">Gartner defines a ransomware attack as \u201ccyber extortion that occurs when malicious software infiltrates computer systems and encrypts data, holding it hostage until the victim pays a ransom.\u201d<sup>3<\/sup> A cyberattack is very different from a natural disaster attack. In this instance, your data is intentionally infiltrated. Bad actors have proactively gained access and placed malware into your environment, locking up your systems, hijacking critical data, and seeking ransom. It is estimated that a ransomware attack occurs every 11 seconds.<sup>4<\/sup>&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"natural\"><strong>What Is a Natural Disaster?<\/strong>&nbsp;<\/h3>\n\n\n\n<p class=\"\">When a disaster strikes, such as a flood, earthquake, fire, or storm, your data environments are inadvertently shut down or even destroyed. In this instance, your data is not intentionally infiltrated. In 2021, there were 401 natural disaster events worldwide.<sup>5<\/sup>&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"disaster\"><strong>What Is Disaster Recovery?<\/strong>&nbsp;<\/h3>\n\n\n\n<p class=\"\">Disaster recovery is the ability to regain access and functionality of critical data systems and IT infrastructure as soon as possible after a natural disaster occurs. It relies upon the replication of data from an off-premises location or cloud environment, where the data is backed up and not impacted by the natural disaster. In a disaster recovery situation, the goal is to restore business operations efficiently with minimal downtime and zero data loss, as the business readiness of the data is considered pre-qualified for recovery. In a disaster recovery situation, your efforts are centered on the efficiency of restoring operations.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cyberrecovery\"><strong>What Is Cyber Recovery?<\/strong>&nbsp;<\/h3>\n\n\n\n<p class=\"\">Cyber Recovery aims to provide the ability to regain access and functionality of critical data systems and IT infrastructure as soon as possible after a cyberattack such as ransomware occurs.&nbsp; In a cyber recovery situation, your objectives are to get your business backup and running from an air-gapped and immutable copy of data, which assures you of data integrity. Data protection solutions with the implementation of zero trust architecture assure you a layered approach to defense even for your backup environment. However, \u201cseeing is believing\u201d and this is where it is important to ensure you are frequently validating the business-readiness of the data as part of the cyber recovery tabletop exercises. This can be achieved by performing application validation of the data using custom scripts in a network-quarantined sandbox environment. By doing so, you can prevent any potential re-infection of the environment and thereby contain the \u201cblast radius\u201d after an attack.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cdrecovery\"><strong>How do Cyber Recovery and Disaster Recovery Differ?<\/strong>&nbsp;<\/h3>\n\n\n\n<p class=\"\">Cyber recovery and disaster recovery differ. With disaster recovery, the focus is on the Mean Time to Recovery (MTTR) of operations and the smooth functioning of business. In a best-case disaster recovery scenario, data is not compromised. As for cyber recovery, it is all about your business survival, focusing on data, applications, infrastructure and more.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-characteristics-of-disaster-recovery-vs-cyber-recovery\"><strong>Characteristics of Disaster Recovery vs. Cyber Recovery<\/strong>&nbsp;<\/h3>\n\n\n\n<figure class=\"wp-block-table is-style-table-datasheet\"><table><thead><tr><th><\/th><th><strong>Disaster Recovery<\/strong>&nbsp;<\/th><th><strong>Cyber Recovery<\/strong>&nbsp;<\/th><\/tr><\/thead><tbody><tr><td><strong>Principle requirement<\/strong>&nbsp;<\/td><td>Rapid means to recovery of business operations with minimal downtime. It is typically assumed that there is zero data loss.&nbsp;&nbsp;<\/td><td>Rapid recovery of business and its data, with zero data loss, and the assurance that data has not been manipulated or tampered with.&nbsp;&nbsp;<\/td><\/tr><tr><td><strong>Recovery objective expected&nbsp;<\/strong>&nbsp;<\/td><td>Recovery to the closest point in time.&nbsp;&nbsp;<\/td><td>Recovery to the closest point in time from an air-gapped immutable copy.&nbsp;&nbsp;<\/td><\/tr><tr><td><strong>Tools used<\/strong>&nbsp;<\/td><td>Typically requires replication tools to aid data replication between sites and locations, complete with orchestration to aid seamless failover and failback operations&nbsp;<\/td><td>Requires a host of tools and processes to confirm data has not been manipulated for the protection of applications, networks, use of SIEM\/SOAR ecosystem solutions for forensics &amp; analytics, and network monitoring tools.&nbsp;&nbsp;<\/td><\/tr><tr><td><strong>Frequency of testing&nbsp; recovery runbook<\/strong>&nbsp;<\/td><td>Typically, once every six months to a year.&nbsp;<\/td><td>As frequently as possible to validate the business readiness of data. Exercises include processes that engage incident response teams (IRT), legal, corporate, public relations,&nbsp; communications, third-party insurance, and IT teams. These tabletop exercises help minimize downtime during times of crisis so that it becomes collective muscle memory when it comes to recovery.&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"incident\"><strong>What Is an Incident Response Plan?<\/strong>&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/Social_Blog_Cyber-Recovery-and-Disaster-Recovery_Incident-Response-Plan_NO-CTA_1200x630_v1.1-2.png?w=1024\" alt=\"\" class=\"wp-image-52372\" style=\"width:355px;height:186px\"\/><\/figure><\/div>\n\n\n<p class=\"\">Do you have an incident response plan? Is your organization and its employees prepared for a ransomware attack or natural disaster?&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">All the teams involved must be able to play their part in the cyber recovery process effectively&nbsp;<\/p>\n\n\n\n<p class=\"\">They must be capable of exercising plans and have permission to execute those plans if something happens. During an actual attack, you don\u2019t want teams pointing fingers at each other regarding who is responsible for what. This is often referred to as \u201cIT Collision,\u201d which can significantly impact an organization\u2019s ability to respond to a cyber-crisis efficiently. Ensuring that all the key stakeholders and teams are enabled with the right permissions ensures that they can make swift decisions with authority \u2013 and this can be achieved by teams typically being given pre-authorization to perform prescribed actions. Process-induced latency to the recovery exercise can be eliminated without having to&nbsp; get&nbsp; people out of bed and onto a Zoom call to receive authorization.&nbsp;<\/p>\n\n\n\n<p class=\"\">As for C-Level executives, are your business leaders in sync? How many different business units and partners need to be involved in an incident response plan? Are you concerned about consequences to shareholders in the event of a ransomware attack?&nbsp;&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"\">It is important that executives drive a business impact analysis of the entire estate that includes PPT (People, Process, and Technology) to measure the overall impact of downtime after a cyber event.&nbsp;<\/li>\n\n\n\n<li class=\"\">Identify what needs to be part of the cyber recovery plan .&nbsp;<\/li>\n\n\n\n<li class=\"\">Identify teams that need to be engaged with as security teams, IRT\u2019s (incident response teams), cyber insurance partners, and data protection teams, as all need to work in close concert for the cyber recovery exercise to be effective.&nbsp;&nbsp;<\/li>\n\n\n\n<li class=\"\">Detailed processes need to be chalked out that need to be followed during a ransomware attack.&nbsp;<\/li>\n\n\n\n<li class=\"\">Finally, practice, practice, practice until it becomes collective muscle memory to be able to respond with minimal friction points during actual crisis response.&nbsp;&nbsp;<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"types\"><strong>What Are the Types of Cyberattacks?<\/strong>&nbsp;<\/h3>\n\n\n\n<p class=\"\">It is easy to assume that all ransomware is similar, and it is not uncommon to think that one size fits all in terms of prevention and preparation. However, because each type of ransomware is usually developed to attack different, targeted networks, they can be very different in the way they operate. It is essential to understand the different types currently being used (keeping in mind that attackers are capable of combining multiple types of ransomware).&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">The strength of protection against any ransomware attack is in your defense strategy, especially given the rise in zero-day vectors with no known tactics, techniques or procedures (TTP).&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Six types of Ransomware:&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/Social_Blog_Cyber-Recovery-and-Disaster-Recovery_6-Types_NO-CTA_1200x630_v1.1-1.png?w=1024\" alt=\"\" class=\"wp-image-52353\" style=\"width:355px;height:186px\"\/><\/figure><\/div>\n\n\n<p class=\"\"><strong>CryptoWal<\/strong>l \u2013 is responsible for a high percentage of ransomware attacks. Typically, CryptoWall is used to attack targets through phishing emails. The WannaCry ransomware virus is a derivative of the Crypto family and was at the core of the largest cyberattacks ever perpetrated. Unfortunately, the creators of CryptoWall continue to release new versions designed to get around security protections.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Locky <\/strong>\u2013 as the name implies, Locky is what it does (locks you out of files and replaces the files with the extension .lockey). However, its name misses the most damaging part of this type of ransomware \u2013 its speed. Locky has the distinction of spreading to other files throughout the network faster than other ransomware strains.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Crysis<\/strong> \u2013 takes data attacks to a new level, actually kidnapping your data and moving it to a new virtual location. The significance of this aspect of the attack is that it qualifies as a breach if your company works with personal data; organizations must contact anyone who may have information on your network to stay in compliance with local, state, and federal guidelines.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>SamSam<\/strong> \u2013 attacks unpatched WildFly application servers in the internet-facing portion of their network. Once inside the network, the ransomware looks for other systems to attack.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Cerber<\/strong> \u2013 attacks the database server processes to gain access instead of going straight after the files. Its creators sell the ransomware software to criminals for a portion of the ransom collected, i.e., Ransomware-as-a-Service.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Maze<\/strong> \u2013 is a variant of ransomware representing the trend in what is called \u201cleakware.\u201d After data is encrypted, bad actors threaten to leak ransomed private data on the dark web unless the ransom is paid.&nbsp;<\/p>\n\n\n\n<p class=\"\">Safeguarding against ransomware must be at the forefront of organizations\u2019 security efforts.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"ransomware\"><strong>How Does Ransomware Spread?<\/strong>&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/Social_Blog_Cyber-Recovery-and-Disaster-Recovery_Ransomware-Spread_NO-CTA_1200x630_v1.1-1.png?w=1024\" alt=\"\" class=\"wp-image-52354\" style=\"width:355px;height:186px\"\/><\/figure><\/div>\n\n\n<p class=\"\">Social Engineering is a key tactic used by cybercriminals to encourage unsuspecting users to download\/click a spurious link\/website. Ransomware is often spread through email phishing messages containing malicious links or by drive-by downloading, which occurs when a user unintentionally visits a contaminated site, and malware is downloaded onto the user\u2019s computer or mobile device. Once within the IT environment, threat vectors move laterally within the network until detected. The anatomy of a ransomware attack is typically to move through unstructured data to remain undetected for as long as possible. Until recently, malware and threat vectors have been known to gestate within an environment for up to 300 days while gradually encrypting data sets and wreaking widespread havoc.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">However, with more recent attacks, we find threat vectors being able to sweep in and achieve instantaneous, large-scale destruction by performing mass deletes or encryption. The speed of these attacks does not allow teams to respond fast enough. Therefore, ensuring that the data protection environment is safeguarded from day one against any pace of attack is key. Security professionals must rely on \u201cair-gapped and immutable\u201d backup copies as their insurance policy.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"fights\"><strong>How Commvault Fights Ransomware<\/strong>&nbsp;<\/h3>\n\n\n\n<p class=\"\">Commvault data protection and recovery can be a valuable part of your anti-ransomware strategy. Commvault multi-layered security is built on zero trust principles and based on the National Institute of Standards and Technology (NIST) cybersecurity framework to protect data and enable quick recovery in the event of a ransomware attack. Commvault helps protect and isolate your data, provides proactive monitoring and alerts, and enables fast restores. Advanced technologies powered by artificial intelligence and machine learning, including honeypots, make it possible to detect and provide alerts on potential attacks as they happen so you can respond quickly. By keeping your backups out of danger and making it possible to restore them within your Service Level Agreements, you can minimize the impact of a ransomware attack so you can get back to business right away (and avoid paying expensive ransoms).&nbsp;<\/p>\n\n\n\n<p class=\"\">Protecting and isolating your backup copies is critical for data integrity and security. Therefore, Commvault has taken an agnostic approach to immutability. With Commvault, you do not need special hardware or cloud storage accounts to lock backup data against ransomware threats. If you happen to have Write-Once, Read Many (WORM)-, object lock- or snapshot-supported hardware (which Commvault fully supports), you can still use Commvault\u2019s built-in locking capabilities to complement and layer on top of existing security controls. Commvault\u2019s ability to support layered defense for securing data sets against ransomware ensures that our customers benefit from a sound cyber recovery-ready architecture. Here are some elements to include in your immutability architecture:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"is-style-check-list-small wp-block-list\">\n<li class=\"\">Access locks to isolate copy store against ransomware&nbsp;<\/li>\n\n\n\n<li class=\"\">Immutability with lifecycle locks to reduce risks, balanced with consumption impact&nbsp;<\/li>\n\n\n\n<li class=\"\">Air-gap isolation network and controls&nbsp;<\/li>\n\n\n\n<li class=\"\">Configuration governance to protect against intentional or accidental changes&nbsp;<\/li>\n\n\n\n<li class=\"\">Concurrent Recovery performance \u2013 reduce latency with due importance to speed and cost impact&nbsp;<\/li>\n\n\n\n<li class=\"\">Automatic patching to stay current, simplifying management and maintenance of data protection infrastructure&nbsp;<\/li>\n\n\n\n<li class=\"\">Alignment with the 3-2-1 data protection philosophy&nbsp; (3 copies of data, 2 different media, 1 vaulted copy)&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"\">Learn more about Commvault\u2019s immutable infrastructure architecture <a href=\"https:\/\/cloud.kapostcontent.net\/pub\/6ca15136-2ef2-480d-a0b3-40880bd364f8\/commvaults-immutable-infrastructure-architecture?kui=53TOsG8j3h3pz4vQ-ZDi4w\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Commvault Multilayered Security Protection<\/strong>&nbsp;<\/h3>\n\n\n\n<p class=\"\">With every environment having a mix of different infrastructures, securing backup data against random unauthorized changes can seem challenging. Just like securing your house, you need to identify the risks and enable the protection and monitoring capabilities to match your needs.&nbsp;<\/p>\n\n\n\n<p class=\"\">Many experts recommend having a layered anti-malware and ransomware strategy. Commvault has built these security capabilities into our data protection software and policies without the incremental management overhead. The Commvault data protection and management platform include five security layers:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/1_cyber.png\" alt=\"\" class=\"wp-image-55694\" style=\"width:609px;height:145px\"\/><\/figure><\/div>\n\n\n<ul class=\"is-style-check-list-small wp-block-list\">\n<li class=\"\"><strong>Identify<\/strong>\u202f and mitigate risks to backup data within a single interface&nbsp;<\/li>\n\n\n\n<li class=\"\"><strong>Protect<\/strong>\u202f by applying security controls based on industry-leading standards&nbsp;<\/li>\n\n\n\n<li class=\"\"><strong>Monitor\u202f<\/strong> for ransomware, insider threats, and other threats&nbsp;<\/li>\n\n\n\n<li class=\"\"><strong>Respond<\/strong>\u202f and take action on threats and continuously validate backup data&nbsp;<\/li>\n\n\n\n<li class=\"\"><strong>Recover\u202f<\/strong> data quickly across multiple on-premises, cloud, and hybrid environments&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"\">Commvault multi-layered security consists of feature sets, guidelines, and best practices to manage cybersecurity risk and ensure data is readily available. It is essential to understand that these capabilities are part of Commvault\u2019s core platform experience, Commvault Complete\u2122 Data Protection. There is no special licensing, no additional costs, and no required hardware or software. The layered security depth is enhanced through greater integration with Metallic\u2122 and Commvault HyperScale\u2122 X for those customers seeking the simplicity of Backup as a Service or a data protection appliance, respectively. \u202f\u202f&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"measures\"><strong>Ransomware Security Measures<\/strong>&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/Social_Blog_Cyber-Recovery-and-Disaster-Recovery_Ransomware-Security-Measures_NO-CTA_1200x630_v1.1-1.png?w=1024\" alt=\"\" class=\"wp-image-52355\" style=\"width:355px;height:186px\"\/><\/figure><\/div>\n\n\n<p class=\"\"><strong>Air gap:<\/strong> Traditionally, air-gapped networks have absolutely no connectivity to public networks. Tape is a traditional medium for air-gapped backups because tape can be removed from the tape library and stored offsite. To air gap secondary backup targets on disk or cloud, some access is needed, but communication is severed when it is not required. When the isolated data does not need to be accessed, communication is severed either by turning communication ports off, disabling VLAN switching, enabling next-gen firewall controls, or turning systems off.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Multi-factor Authentication (MFA)<sup>6<\/sup><\/strong>:<strong> <\/strong>This<strong> <\/strong>is a layered approach to securing data and applications where a system requires a user to present two or more credentials to verify a user\u2019s identity for login. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Least Privilege Access<\/strong>:<strong> <\/strong>This standard security practice provides access to users and\/or accounts with the bare minimum capabilities to do their job and nothing more. You decide who has access to what. This minimizes exposure if the account is compromised and limits data access leaks.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Perform Regular Backups with Immutability<\/strong>:<strong> <\/strong>Consider increasing the frequency of backups and expanding your data protection to a 3-2-1 backup strategy; 3 copies of your data, on 2 different media types, with a copy offsite and preferably air-gapped. Other essential data protection tools include encryption, write once, read many (WORM), and strict access controls.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Data immutability: <\/strong>Data that cannot be altered<strong>. <\/strong>To better protect against ransomware, ensure backup copies are immutable by using layered security controls, write once read many (WORM) capabilities, and immutable storage, as well as built-in ransomware protection for backup data.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Data encryption and key management<\/strong>: A technology in which data is translated into an unreadable form or code, and only users with access to a secret key or password can read it. Encryption at rest and in-flight ensures the backup data, even if exfiltrated, is rendered useless to bad actors without the decryption keys or password.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Anomaly Alerts<\/strong>:<strong> <\/strong>These<strong> <\/strong>indicate deviation from the expected pattern of data or events<strong>. <\/strong>Anomaly detection helps provide behavioral insight, giving your organization the ability to learn about identification patterns to understand your environment and recognize unusual behavior before a threat impacts your environment and business.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Honeypots<\/strong><strong><sup>7<\/sup><\/strong>: A network-attached system set up as a decoy to lure cyberattackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems. The function of a honeypot is to represent itself on the internet as a potential target for attackers &#8212; usually, a server or other high-value asset \u2013 and to gather information and notify defenders of any attempts to access the honeypot by unauthorized users.&nbsp;<\/p>\n\n\n\n<p class=\"\"><strong>Application hardening<sup>8<\/sup><\/strong>:<strong> <\/strong>A catchall term for protecting an app against intrusions by eliminating vulnerabilities and increasing layers of security. Data security involves multiple layers of defense that are not limited to the app itself: the host level, the operating system level, the user level, the administrator level, and even the physical level of the device all have vulnerabilities that a good security system must address. For this reason, application hardening might be called system hardening or OS hardening as well.&nbsp;<\/p>\n\n\n\n<p class=\"\">Whether you are hit with a cyberattack or face a natural disaster \u2014 the reality is your organization needs to be prepared and take steps to protect your data and work with a provider who offers rapid cyber and disaster recovery solutions. So how prepared are you? Read our <a href=\"https:\/\/cloud.kapostcontent.net\/pub\/09c892cf-0a85-47ad-b523-ff5069fbcaff\/understanding-team-roles-and-responsibilities-in-fighting-ransomware?kui=3jZGGVz1ilxLDtPs7oDV1w\" target=\"_blank\" rel=\"noreferrer noopener\">eBook on Understanding Team Roles and Responsibilities<\/a> in Fighting Ransomware.\u00a0<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>References<\/strong>&nbsp;<\/p>\n\n\n\n<p class=\"has-text-align-center has-small-font-size\">1.,2. Branko K: Web tribunal: 15+ scary data loss statistics to Keep in Mind in 2022, March 2022.  &#8211;  3. Gartner, 6 Ways to Defend Against a Ransomware Attack, by Manasi Sakpal, November 2020  &#8211;  4. Safe at Last, 22 Ransomware Statistics to Help Fortify Your Cybersecurity Models: Jan 2022  &#8211;  5 Statistica, Madhumitha Jaganmohan, Global Number of Natural Disasters Events 2007-2021, February 2022  &#8211;  6. CISA  &#8211;  7. TechTarget,&nbsp; Ben Lutkevich, Casey Clark, Michael Cobb, honeypot (computing)  &#8211;  8. Thales, Application Hardening&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Whether you are hit with a cyberattack or face a natural disaster \u2014 the reality is your organization needs to be prepared with Commvault.<\/p>\n","protected":false},"author":85,"featured_media":64285,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_custom_css":"","_custom_js_footer":"","_page_background_color":"","_remove_from_search":false,"_dark_mode":false,"_light_footer_mode":false,"_sidebar_form":{"id":"","name":"","cta":"","redirect":""},"_alert_notification_bar":{"show":true,"bg_color":"","content":"","call_to_action_label":"","call_to_action_link":""},"_footer_cta":{"show":false,"title":"","subtitle":"","cta_text":"","cta_link":"","background":{"id":0,"url":""}},"_cmv_customer_logo":{"id":0,"url":""},"_jetpack_memberships_contains_paid_content":false,"i18n_hreflangs":"","footnotes":""},"categories":[209,678],"tags":[],"cmv_author":[834],"class_list":{"0":"post-62036","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-disaster-recovery-2","8":"category-ransomware","9":"cmv_author-donna-namorato","10":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.0 (Yoast SEO v23.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cyber Recovery and Disaster Recovery - Are They One and the Same?\u00a0<\/title>\n<meta name=\"description\" content=\"Whether you are hit with a cyberattack or face a natural disaster \u2014 the reality is your organization needs to be prepared with Commvault.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber Recovery and Disaster Recovery - Are They One and the Same?\u00a0\" \/>\n<meta property=\"og:description\" content=\"Whether you are hit with a cyberattack or face a natural disaster \u2014 the reality is your organization needs to be prepared with Commvault.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery\" \/>\n<meta property=\"og:site_name\" content=\"Commvault - English - United States\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Commvault\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-14T14:14:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-30T17:25:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/cyber-blog_.jpg?quality=80\" \/>\n\t<meta property=\"og:image:width\" content=\"957\" \/>\n\t<meta property=\"og:image:height\" content=\"548\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"dpauciullo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@commvault\" \/>\n<meta name=\"twitter:site\" content=\"@commvault\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dpauciullo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Cyber Recovery and Disaster Recovery - Are They One and the Same?\u00a0","description":"Whether you are hit with a cyberattack or face a natural disaster \u2014 the reality is your organization needs to be prepared with Commvault.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery","og_locale":"en_US","og_type":"article","og_title":"Cyber Recovery and Disaster Recovery - Are They One and the Same?\u00a0","og_description":"Whether you are hit with a cyberattack or face a natural disaster \u2014 the reality is your organization needs to be prepared with Commvault.","og_url":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery","og_site_name":"Commvault - English - United States","article_publisher":"https:\/\/www.facebook.com\/Commvault\/","article_published_time":"2022-06-14T14:14:00+00:00","article_modified_time":"2023-11-30T17:25:19+00:00","og_image":[{"width":957,"height":548,"url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/cyber-blog_.jpg?quality=80","type":"image\/jpeg"}],"author":"dpauciullo","twitter_card":"summary_large_image","twitter_creator":"@commvault","twitter_site":"@commvault","twitter_misc":{"Written by":"dpauciullo","Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery#article","isPartOf":{"@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery"},"author":{"name":"dpauciullo","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/0d027e3bbfd09715cc267f372fdc4c7e"},"headline":"Cyber Recovery and Disaster Recovery &#8211; Are They One and the Same?\u00a0","datePublished":"2022-06-14T14:14:00+00:00","dateModified":"2023-11-30T17:25:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery"},"wordCount":3068,"publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/cyber-blog_.jpg?quality=80","articleSection":["Disaster Recovery","Ransomware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery","url":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery","name":"Cyber Recovery and Disaster Recovery - Are They One and the Same?\u00a0","isPartOf":{"@id":"https:\/\/commvault-new.go-vip.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery#primaryimage"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/cyber-blog_.jpg?quality=80","datePublished":"2022-06-14T14:14:00+00:00","dateModified":"2023-11-30T17:25:19+00:00","description":"Whether you are hit with a cyberattack or face a natural disaster \u2014 the reality is your organization needs to be prepared with Commvault.","breadcrumb":{"@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery#primaryimage","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/cyber-blog_.jpg?quality=80","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/cyber-blog_.jpg?quality=80","width":957,"height":548},{"@type":"BreadcrumbList","@id":"https:\/\/www.commvault.com\/blogs\/cyber-recovery-and-disaster-recovery#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.commvault.com\/"},{"@type":"ListItem","position":2,"name":"Cyber Recovery and Disaster Recovery &#8211; Are They One and the Same?\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/commvault-new.go-vip.net\/#website","url":"https:\/\/commvault-new.go-vip.net\/","name":"Commvault - English - United States","description":"","publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/commvault-new.go-vip.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/commvault-new.go-vip.net\/#organization","name":"Commvault","url":"https:\/\/commvault-new.go-vip.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","width":1200,"height":628,"caption":"Commvault"},"image":{"@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Commvault\/","https:\/\/x.com\/commvault","https:\/\/www.instagram.com\/commvault\/","https:\/\/www.linkedin.com\/company\/commvault","https:\/\/www.youtube.com\/user\/commvault","https:\/\/en.wikipedia.org\/wiki\/Commvault"]},{"@type":"Person","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/0d027e3bbfd09715cc267f372fdc4c7e","name":"dpauciullo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/26a1c2b1eb2dd35e14333ef22306348e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/26a1c2b1eb2dd35e14333ef22306348e?s=96&d=mm&r=g","caption":"dpauciullo"}}]}},"jetpack_featured_media_url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2022\/10\/cyber-blog_.jpg?quality=80","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/62036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/users\/85"}],"replies":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/comments?post=62036"}],"version-history":[{"count":4,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/62036\/revisions"}],"predecessor-version":[{"id":504114,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/62036\/revisions\/504114"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media\/64285"}],"wp:attachment":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media?parent=62036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/categories?post=62036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/tags?post=62036"},{"taxonomy":"cmv_author","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/cmv_author?post=62036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}