How to Restore IT Systems without a Recovery Point
“Apocalyptic” isn’t too strong a word to describe the situation. Whether it was caused by a malicious criminal act like a ransomware attack, resulted from a fire, flood, or other natural disaster, or arose from the inevitable failure of aging hardware, if your IT systems suffer catastrophic damage and you don’t have reliable backups on hand, you’re in a tough spot. You’ll almost certainly lose institutional knowledge, customer data, and valuable intellectual property—key ingredients contributing to the overall profitability of your business.
This situation is disconcertingly common: 96 percent of organizations will experience a major IT outage over the course of a three-year period, and among them, 53 percent will need to lay off at least one employee in the aftermath of the event. Many will close their doors permanently. In today’s world, a place where data is among every business’s most valuable assets, it’s extremely challenging to recover from its permanent loss.
The best idea, of course, is to make certain that you maintain well-tested and reliable backups of business-critical data and other vital software resources. Businesses with data backups and fully-developed disaster recovery and continuity plans can resume operations far more quickly, with vastly lower costs, than those that don’t. There’s simply no painless or easy alternative.
But what if it’s already too late? Some of today’s most sophisticated strains of ransomware are specifically designed to target shared network drives and purposefully seek out duplicate files with the goal of destroying backups. Other organizations may find that their backup systems failed (all tape backups someday will), were improperly managed, or suffered irreparable harm.
It is possible to restore your IT systems even if you don’t have a usable copy of your data available, but the process will be difficult, expensive, and time-consuming. It’s critical to have highly qualified expert assistance, since you’ll need to build more resilient computing infrastructures to prevent the situation from happening again in the future. And you’ll want to accomplish this quickly so that your employees can get back to work.
When disaster strikes, having a well-thought-out plan can make all the difference. Here are five essential steps to take when you need to recover systems without backups.
#1: Take a step back to strategize
Though it’s hard to think about, you must first figure out whether or not you’ve experienced a business-ending event before you begin planning to restore your systems. You’ll want to evaluate your insurance policies to assess how much (if any) of your damages or recovery costs will be covered. And you’ll also need to estimate how long you’ll be able to survive in the face of interrupted operations. In what circumstances would a bankruptcy declaration make the most sense? Would paying more per day for IT labor and staffing enable you to recover more quickly, reducing downstream costs and long-term damage?
These are all financial questions, and should be approached calmly, logically, and in light of quantitative evidence to the extent that it’s possible for you to do so.
#2: Stabilize the situation before moving forward
With ransomware and other cybercriminal attacks, you must be sure you’ve remediated the vulnerability that allowed the initial exploit to proceed, or you risk immediate re-infection.
We collaborate with Bryce Austin, an internationally renowned authority and professional speaker on emerging technology and cybersecurity issues. Bryce has extensive firsthand experience in cybersecurity crisis management, having served in a leadership role in the Cybersecurity and Retail Risk Analysis unit at Target during the time of the company’s 2013-2014 data breach. He advises C-level executives and board members of enterprises in a broad array of industries on cyber risk management and optimizing decision-making.
Bryce emphasizes the importance of ensuring that vulnerabilities are remediated before the full-scale recovery process begins. Beginning to restore systems without doing this is like bailing out a boat when its hull is still leaking.
“If a large-scale ransomware attack hits and you don’t have a restore point, the recovery process will often be measured in days rather than minutes,” explains Bryce. “It is critical to identify the initial point of infection before bringing your systems back online, as a determined cybercriminal will start the ransomware process over again the minute he or she regains access to your systems.”
#3: Then take inventory of your IT systems, figuring out what hardware to keep and what to replace
It’s simple: outdated systems that are no longer supported by their vendor cannot be part of a secure computing environment in today’s world. Some “legacy” hardware, as such systems are called, will cost more to restore to working order than to replace. You’ll need to examine the entirety of your IT infrastructure carefully. Which systems and devices were infected? Can any backups be recovered? What’s junk, and what can be kept?
The larger the IT recovery team you can bring in, the faster you’ll be able to rebuild your systems. This is why you’ll need a service provider with access to the right resources—a staff that’s large and experienced enough to be able to get the job done quickly. Generally speaking, the sooner you can get back on your feet and resume regular operations, the lower the long-term costs and less severe the consequences of the incident will be.
#4: Make sure you have the right project and crisis management staff in place
Every IT disaster recovery project should draw upon the skills of two project managers who have experience working under pressure and in crisis situations. One will handle the technical aspects of the project, ensuring that all hardware- and software-related tasks are completed in the right order and on schedule to get your systems back online as soon as possible. The other should be in charge of managing employee and customer expectations within the business. The two should communicate extensively and in detail. Their collaboration is vital to a smooth recovery.
You’ll want to ensure that the service provider you call in to assist you has experience working with clients in your industry. This way, both project managers and engineers will already be familiar with the tools and equipment you’re likely to be operating, and will understand how your business processes work. This enables the team to hit the ground running, simplifying and speeding up the entire recovery process.
#5: Security must be baked into your newly rebuilt systems from the very start
Amidst all the stresses and pressures of an IT emergency, it can be tempting to brush security concerns aside, or think of them as something to worry about later. In reality, however, ransomware victims are more than twice as likely as the average organization to suffer further attacks. The only way to reduce your risks is to be proactive when building new systems and creating policies. Include security at every step along the way, tightening controls and ensuring system activities will be logged and monitored going forward.
Those firms that do manage to recover from a ransomware attack or other major IT emergency (even without backups) often emerge from the ordeal stronger and more resilient than ever before. Be sure to hire a highly qualified service provider to guide you through the process, since it’s vital to get it right the first time. With newly rebuilt IT systems that are up-to-date and well-managed, you’ll be far less likely to fall victim to cybercrime. And in the unlikely event that this did happen, you’d have resources in place that would allow you to recover quickly and with minimal disruption to operations. Taking a proactive approach is more than worthwhile: it may decide whether or not your business survives.