Is Your Cyber Recovery Plan a Disaster Recovery Plan in Disguise?

We hear a lot about disaster recovery within IT circles, as we should. A Disaster Recovery (DR) strategy is a solution designed to get your organization through the unthinkable. Your DR plan comes to mind when the unimaginable happens, such as when a tornado rips through the block where your datacenter resides or when a fire engulfs a building hosting many servers. DR events usually involve things such as a natural disaster, regional power loss or a geopolitical event. Whatever the reason, it is essential to transfer operations seamlessly from the impacted site to an alternate one, be it another physical location or a public cloud.

Restoring Business Continuity

The true objective of a DR strategy is to minimize downtime and restore business continuity as quickly as possible. It’s important to recognize that not all disruptions to business continuity qualify as disasters. Examples of such incidents include:

  • A DDoS attack targeting critical web applications, hindering customers from completing transactions.
  • A contained ransomware attack that nonetheless disrupts servers containing vital company data.
  • An accidental deletion of crucial data by a user with extensive privileges.
  • A widespread phishing attack leading to the compromise of numerous employee accounts.

While such incidents are certainly disruptive and impactful, they don’t constitute a disaster. These are scenarios where a Cyber Recovery Plan is essential. Ironically, despite the higher likelihood of such non-disastrous events occurring, disaster recovery sometimes garners more focus within organizational planning.

How Disaster Recovery and Cyber Recovery Differ

The focus on disaster recovery often stems from its clear, technology-focused solutions that IT departments can readily implement. These solutions are sold as a comprehensive package that internal IT can easily consume and communicate to executive leadership; the final decision rests with IT leadership. Cloud-based DR solutions are popular today, allowing organizations to easily switch over to backup resources hosted within a public cloud when they are needed. In many ways, the process is akin to an insurance policy that is activated at the time of disaster to enable full recovery.

Conversely, Cyber Recovery Plans are more diverse and situational. For instance, there have been a multitude of stories over the years of hospitals whose systems were compromised by a targeted ransomware attack. Yet, even with digital systems down, hospitals continue to operate, with staff resorting to paper and pen for record-keeping to maintain critical patient care. This illustrates the essence of cyber recovery: maintaining operational continuity in the face of a cyber crisis, which often requires a blend of traditional IT solutions and creative, non-technical approaches to overcome the challenges posed by the cyber incident.

Understanding a Cyber Recovery Plan

Unlike a Disaster Recovery (DR) plan, which is typically a technical, package-based solution, a Cyber Recovery (CR) Plan often takes the form of a comprehensive document filled with detailed charts and procedural steps. It is the “go-to book” that is usually composed of documents, process flow charts, and spreadsheets outlining the procedures for restoring operations to normalcy from the current state.

The crafting of a CR Plan extends beyond the IT department, involving a balanced integration of people, processes, and technology. Effective communication is crucial, especially in the aftermath of a cyberattack. Therefore, the plan should include robust communication strategies, such as out-of-band communication procedures and contact details for the incident response team.

Just as a flashlight is essential in a power outage, a CR Plan must consider fundamental tools and resources necessary during a disruption. This comprehensive approach ensures that the organization is prepared to respond effectively to various cyber incidents, minimizing impact and facilitating a swift return to normalcy.

Involvement from senior leadership, including the COO, CFO, and CEO, is crucial since they are primary stakeholders in business continuity. Additionally, input from individuals who understand the business processes and the infrastructure that supports them is vital. This process involves extensive mapping to identify all dependencies and determine which departments and personnel are critical in the recovery effort. A successful CR plan is thus a collaborative effort, integrating insights from various areas of the organization to ensure a comprehensive and effective recovery strategy.

The Disaster of Ineffective Business Continuity Planning

A recent example of a lacking CR plan is the incident involving MGM. For a major Las Vegas casino property, the inability of guests to place bets, use electronic hotel room keys or use a basic credit card can be classified as disastrous. Yet, this disaster was caused by a simple vishing attack, in which a single phone call by an attacker convinced the help desk to reset the password of a highly privileged user. That call set everything in motion.

While MGM’s IT department acted swiftly to disconnect systems and mitigate the cyberattack, the wider employee base was ill-prepared for maintaining operations and customer service in an offline context. This incident highlights the essential nature of CR planning that goes beyond IT crisis management, emphasizing the need for organization-wide readiness and training. It illustrates that effective CR strategies must prepare the entire organization, not just the IT department, for seamless operation during and after cyber disruptions.

Ensure Adaptability of your CR

While DR addresses a confined set of situations, your CR plan must be flexible enough to address any type of incident or threat that your business might be prone to. That’s why regular risk assessments are important: they tell you what you might need to recover from. You need to ensure that your cyber recovery strategy is agile enough to adapt to the inevitable changes that will occur within your enterprise and your technology stack. Given that cybersecurity is an ever-evolving science, your cyber recovery strategy should be periodically reviewed and updated to integrate new technologies and guard against emerging threats.

Conclusion

Both disaster recovery (DR) and cyber recovery (CR) play unique yet complementary roles within an overarching security framework, utilizing distinct methods and systems. While DR often encompasses aspects of CR, the reverse isn’t always true.

At Evolving Solutions, our team of seasoned security experts excels in all facets of cyber recovery. We offer valuable insights and guidance to help tailor a CR strategy that aligns with your organization’s specific needs. The optimal time to assess your CR strategy is not during a crisis but well in advance. Reach out to our team today to ensure that your CR plan is a reliable and comprehensive resource, ready to safeguard business continuity.

Jon Roberts

Security Architect

Jon Roberts is a Security Architect at Evolving Solutions. Connect with Jon on LinkedIn here.
