The Biggest Lesson From CrowdStrike’s Update Malfunction
2024-8-17 01:24:39 Author: securityboulevard.com

On July 19, 2024, an update from cybersecurity giant CrowdStrike malfunctioned and crippled hundreds of thousands of businesses across the globe. While the incident wasn’t the result of a cyber breach, it was a stark reminder of the potential consequences of even momentary IT disruptions for business operations and nation-state activities. The escalating frequency and sophistication of cyberattacks, coupled with the increasing reliance on digital infrastructure, continue to underscore the need for robust recovery solutions.

Little wonder the cyber incident response market is experiencing explosive growth and is projected to reach $75 billion by 2030, according to Grand View Research. Malicious actors are continually developing new methods to bypass security measures, making it essential for companies to not only focus on prevention but also on rapid and effective recovery solutions.

The CrowdStrike incident three weeks ago generated plenty of headlines; here, industry expert Alex Yevtushenko, CEO of incident recovery company Salvador Technologies, discusses the biggest lesson CISOs should take from it.

The Need for Fast Recovery

CrowdStrike’s update malfunction highlighted the vulnerabilities that even the most advanced security systems can have. The incident demonstrated the severe consequences that can result from even a momentary disruption. Businesses around the world experienced significant downtime, and the importance of having a robust incident response plan in place became evident.

As Yevtushenko notes, “Cyberattacks and IT failures are not a question of if, but a question of when,” adding that “CISOs should additionally think about how to recover from such incidents, as this will save the organization from unplanned downtime.”

Yevtushenko says the recovery of operational endpoints should be based on a complete, offline copy of the system, including the operating system, applications, data, configurations and even device drivers. “We believe in the principle of ‘one-to-one’ recovery,” he says, “and if a system is compromised, you need an identical system to restore operations rapidly.”

One-To-One Recovery

He adds that the ‘one-to-one recovery’ method goes beyond traditional backup solutions by recreating the entire system environment, which is crucial for critical infrastructure and industrial systems where downtime can have catastrophic consequences.

When a cyber incident occurs, businesses must be able to initiate a recovery process immediately, restoring operations within minutes. “It’s like having an alternative cloned disk immediately replacing the compromised one and getting the operation up and running within minutes.”

This is an area where Salvador Technologies has garnered significant attention for its ability to enable critical infrastructure and industrial clients to recover swiftly from events like the CrowdStrike incident. For instance, a large hospital leveraged the solution to ensure uninterrupted healthcare services and safeguard patient data. Similarly, a major chemical manufacturing company was able to maintain minimal production disruption by using the company’s platform.

The Future of Cyber Threats

As cyber threats continue to evolve, with AI-driven attacks becoming increasingly prevalent, the demand for effective recovery solutions will only intensify. Hackers will continue employing AI to craft more sophisticated and harder-to-detect attacks, posing a significant challenge to traditional security measures.

For Bipul Sinha, co-founder and CEO at data security company Rubrik, buyer conversations are already changing, as cybersecurity becomes more of a strategic priority among the C-Suite. “100% of my conversations in the UK have been with CISOs and CIOs. Cyber resilience is the future of cybersecurity and you can see how the market is changing by who we are talking to,” says Sinha.

By prioritizing incident response planning and investing in advanced recovery technologies, organizations can mitigate the risks associated with cyberattacks and ensure business continuity.

“Incident recovery should and, we believe, will focus a lot on automation — test the data and recover it automatically after validation. Manual recovery processes that are used today will have minimal or no involvement by humans, whether based on AI or other techniques to automate the process,” says Yevtushenko.
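The following is an added illustration, not code from the article, from Salvador Technologies or from any vendor named here, of the two ideas Yevtushenko describes: a one-to-one offline copy of the whole system (OS, drivers, applications, configuration) and an automated validate-then-recover flow. It simulates a small snapshot store in memory with a hash manifest written at capture time; the snapshot names, file paths, file contents and incident time are all constructed for the example. Recovery picks the newest clone that still matches its manifest and that predates the bad update, so neither a corrupted copy nor one that already contains the faulty driver is restored.

```python
"""Validate-then-recover over one-to-one system clones (constructed example)."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Snapshot:
    snapshot_id: str
    taken_at: datetime
    files: dict                                   # path -> bytes: the full offline copy
    manifest: dict = field(default_factory=dict)  # path -> sha256 recorded at capture time


def capture(snapshot_id: str, taken_at: datetime, files: dict) -> Snapshot:
    """Take a complete copy of the system and record a hash manifest beside it."""
    return Snapshot(snapshot_id, taken_at, dict(files),
                    {path: sha256(data) for path, data in files.items()})


def validate(snap: Snapshot) -> list:
    """Return the paths that no longer match the manifest; an empty list means the clone is intact."""
    problems = []
    for path, expected in snap.manifest.items():
        actual = snap.files.get(path)
        if actual is None or sha256(actual) != expected:
            problems.append(path)
    # a file present in the copy but absent from the manifest is also a mismatch
    problems.extend(path for path in snap.files if path not in snap.manifest)
    return sorted(problems)


def select_recovery_point(snapshots: list, incident_at: datetime):
    """Newest clone that validates and was taken before the incident, or None."""
    candidates = [s for s in snapshots if s.taken_at < incident_at and not validate(s)]
    return max(candidates, key=lambda s: s.taken_at) if candidates else None


def recover(live_system: dict, snap: Snapshot) -> dict:
    """One-to-one recovery: the live state is replaced wholesale by the clone."""
    return dict(snap.files)


def at(hour: int, minute: int) -> datetime:
    # constructed timestamps on the day of the incident
    return datetime(2024, 7, 19, hour, minute, tzinfo=timezone.utc)


# constructed "known good" system image: OS, driver and application configuration
BASE = {"/os/kernel": b"kernel-1", "/drivers/sensor.sys": b"driver-1", "/etc/app.conf": b"ok"}
INCIDENT_AT = at(4, 9)  # constructed arrival time of the faulty update

SNAPSHOTS = [
    capture("snap-01", at(1, 0), BASE),
    capture("snap-02", at(3, 0), BASE),
    # taken after the faulty driver landed, so it must never be chosen
    capture("snap-03", at(5, 0), {**BASE, "/drivers/sensor.sys": b"driver-bad"}),
]
# simulate the stored copy of snap-02 being damaged after capture (bit rot or tampering)
SNAPSHOTS[1].files["/etc/app.conf"] = b"corrupted"


def run_recovery():
    """Drive the automated flow against the crippled endpoint and return (chosen id, restored state)."""
    live = {**BASE, "/drivers/sensor.sys": b"driver-bad"}
    point = select_recovery_point(SNAPSHOTS, INCIDENT_AT)
    if point is None:
        raise RuntimeError("no validated pre-incident clone available")
    return point.snapshot_id, recover(live, point)


if __name__ == "__main__":
    chosen, state = run_recovery()
    print(chosen, state["/drivers/sensor.sys"])
```

The design point is that validation happens before any restore is attempted and that the selection rule excludes clones captured after the incident; a clone that merely exists is not a recovery point until both checks pass.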

Source: https://securityboulevard.com/2024/08/the-biggest-lesson-from-crowdstrikes-update-malfunction/