What Is Disaster Recovery Planning?

THE AUTHOR

James Green
October 29, 2021

We recently asked renowned ransomware expert Allan Liska: "What should you do if you've been encrypted?" See his response in this video. In case you missed it, here's the transcript:


Scott Bekker:

Allan, let's talk about disaster recovery and disaster recovery planning in particular. A lot of the terms that you'll see people talking about are RPO and RTOs. But what else should they be thinking about? What's often left out of a disaster recovery plan?

Allan Liska:

Well, I think most organizations, if they have a disaster recovery plan, plan for a single incident failure. So what happens if my Exchange server goes down? How fast can I recover from that? When you get hit with a ransomware attack, often it's all of your servers that have gone down. And how does your disaster recovery plan account for that? So if you can restore your Exchange server and get it back up and running in four hours, what happens when there are 1,999 other servers? Is it going to take you 8,000 hours? No. Realistically, it's not.

Scott Bekker:

Right.

Allan Liska:

There are force multipliers in there. But there are still limitations because you can't say, "Oh, well, I can recover my entire network in four hours." There's bandwidth limitations, there're personnel limitations, there's processor limitations, et cetera, that are involved in all of that. And so you really have to calculate when you're doing your disaster recovery planning realistically, how fast can you start restoring if you have to restore everything and how fast can you finish restoring?

Scott Bekker:

Gotcha. So you talked about RTO, RPO. What do you call that other thing?

Allan Liska:

I think that it's the actual. It's the RTA, RPA. So what is the actual time?

Scott Bekker:

Yeah.

Allan Liska:

And really, what you have to figure that out is, how are you going to marshal resources?

Scott Bekker:

Okay.

Allan Liska:

Because one of the biggest costs in ransomware recovery that people don't think about is personnel cost. You can bring in an incident response team, and you're going to pay them an awful lot of money per hour to restore your endpoints and your desktops and your servers and so on. And that may be what you have to do. But where else can you get resources from? Do you have... Can you bring in your IT team, if you have an IT team? Can you bring in other people that work for your company and give them a detailed list of, "Here's the steps you need to go through for disaster recovery," and deputize them, if you will, "Hey, you're now part of the disaster recovery team?" That only works if you've planned this out though, that if you've got the steps, "This is what we do when we have disaster recovery," and you have that very clearly documented and up-to-date, so that you can say, "Okay. You're now DR, and get to work," and you have the ability to do that.

Scott Bekker:

Right. What are some of the other components of disaster recovery planning?

Allan Liska:

So one of the things people don't think about is, are you going to actually recover those machines? Are you going to completely replace them? And if you're going to completely replace those machines, which winds up happening a lot of the times, maybe not your servers, but a lot of the endpoints, "You know what? We're just going to buy all new endpoints and recycle the old ones because there're maybe artifacts of the ransomware active or left on there. Rather than take a chance, it's just easier. Because hopefully, nobody's storing personal things on their endpoint." I know that's not always the case. And if you are going to do that, if that's part of your disaster recovery plan, can you actually source those?

Especially now when there's chip shortage and it's often difficult to get the systems that you need, can you easily source that? Are you sure that you can actually still easily source the service that you need, bring them in, get them back up and running as quickly as possible? A lot of technical debt winds up being uncovered and remediated during the ransomware recovery process. So things that IT and security teams have been asking for, for years, suddenly you have the ability to do that because you're basically rearchitecting your entire network at that point.

Scott Bekker:

Yeah. Those are great points. All right. Thanks for a lot to think about there on disaster recovery planning, Allan, for sure.

Allan Liska:

Great. Thank you.

