Using a Disaster Recovery Plan Example to Accelerate Planning

Disaster recovery (DR) is an organization’s ability to recover systems and processes in the event of an incident that negatively affects the business. DR specifically involves disruptive events that are serious enough to interfere with or stop business operations.

What Necessitates Disaster Recovery?

When people think of disaster recovery, they mentally jump to a natural disaster. Being prepared for such events, which have the capacity to damage facilities hosting information systems or cause power outages at a physical facility, is a component of any disaster recovery plan.

Just as important is recovering from cyberattacks, such as malware, DDoS, and ransomware. These types of malicious attacks can infect systems, corrupt data, and deny access to information, making business nearly impossible until remediated.

Finally, the most common vector of data loss is simple human error. Mistakes, such as accidental deletion of data and incorrect configuration of equipment, are capable of crippling an entire system.

The broad range of incidents that can lead to the loss of normal operations makes complete prevention unrealistic for most organizations. Proper recovery planning, underpinned by a thorough risk assessment process, is a vital element for running a business.

What is a Disaster Recovery Plan?

A disaster recovery plan (DRP) is a document that maps the actions an organization will need to take to recover following an incident. A DRP is a critical part of a business continuity plan (BCP), which allows the organization to continue operations after a disaster occurs.

One of the major goals of disaster recovery is to recover systems and information promptly, typically measured by recovery time objective (RTO). Limiting downtime is critical to avoiding intolerable consequences, such as financial loss and/or penalties, as well as reputational damage.

Creating a comprehensive plan before disaster strikes means that an organization will have the proper resources in place to execute on the disaster recovery plan, allowing for a quick response and limiting downtime.

Disaster Recovery Testing

A disaster recovery plan differs from other business activities, in that, in an ideal world, it will never be put into use. The only way for a business to know whether its disaster recovery strategies will work is through review and test procedures.

Ways to test a recovery plan include:

  • Walkthrough tests – step-by-step review of the plan to ensure nothing has been overlooked
  • Tabletop events – rehearsal of the plan in which team members are asked how they would respond to the event
  • Simulations – using third-party tools, a team can run through their recovery processes in a simulation, separate from their production environment

Using Disaster Recovery Plan Examples

Organizations should study successful disaster recovery plan examples. Referencing real-world recovery plan examples can reveal steps that look good on paper but were unsuccessful in practice, or expose actions that were previously not included.

The best disaster recovery plan will incorporate components of successful recoveries, adjusted to meet the demands of the particular organization.

A Real-Life Disaster Recovery Example

Studying real-world disaster recovery examples is a useful exercise for MSPs creating DR plans for their clients. Below is a breakdown of a successful recovery that can be studied for both action items to implement and lessons to learn and avoid.

The Attack

This example follows a global financial institution headquartered in Europe.

In the early morning hours, a cyberattack triggered the company’s threat detection systems. Despite an immediate response, it was too late to stop the attack. The original breach had happened months earlier, and the intruders had passively surveilled the company’s assets and systems before switching to an active attack. By the time the threat was detected, it had already exfiltrated sensitive data and was using worm technology to spread across systems.

The Disaster Recovery Plan in Action

At this point, the institution’s head of governance initiated its disaster recovery and communication plan. First, the recovery team notified the relevant regulatory bodies and law enforcement agencies.

Next, they began recovering. They focused on restoring critical business services as quickly as possible while supporting SOC activities to identify and eliminate all active threats and exploitable vulnerabilities.

Affected systems were isolated from the network and restored from backups. Critical to this process was an attack analysis that determined the exact moment each device became infected. This analysis allowed the recovery process to restore each affected device to the latest known malware-free state to minimize information loss.

The recovery plan allowed the response to prioritize rebuilding those parts of the systems that supported the most critical business operations, with the recovery of less critical systems phased in over the following weeks.
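The restore-point selection and prioritization described above can be sketched as follows. This is an added example, not code from the institution or from any vendor. The device names, tiers, timestamps, the `plan_restores` helper and the 30-minute safety margin are all constructed assumptions.

```python
from bisect import bisect_left
from datetime import datetime, timedelta

# Constructed sample: device -> (criticality tier, first-infection time from attack analysis).
# Tier 1 is the most critical business service.
DEVICES = {
    "payments-db": (1, datetime(2024, 3, 10, 2, 40)),
    "hr-portal": (3, datetime(2024, 3, 9, 23, 5)),
    "file-srv": (2, datetime(2024, 3, 1, 8, 0)),
}
# Constructed backup catalogue: device -> snapshot timestamps still within retention.
SNAPSHOTS = {
    "payments-db": [datetime(2024, 3, 9, 2, 0), datetime(2024, 3, 10, 2, 0),
                    datetime(2024, 3, 10, 3, 0)],
    "hr-portal": [datetime(2024, 3, 8, 22, 0), datetime(2024, 3, 9, 22, 0),
                  datetime(2024, 3, 10, 22, 0)],
    "file-srv": [datetime(2024, 3, 3, 1, 0), datetime(2024, 3, 10, 1, 0)],
}

def plan_restores(devices, snapshots, margin=timedelta(minutes=30)):
    """Pick, per device, the latest snapshot strictly older than
    (infection time - margin). The margin (an assumption) absorbs uncertainty
    in the analysis timestamp. Returns (plan ordered by tier, devices with no
    clean snapshot that must be rebuilt from known-good media)."""
    plan, rebuild = [], []
    for name, (tier, infected_at) in devices.items():
        snaps = sorted(snapshots.get(name, []))
        # snaps[:i] are the snapshots strictly earlier than the cutoff
        i = bisect_left(snaps, infected_at - margin)
        if i == 0:
            # Infection predates every retained snapshot (dwell time > retention)
            rebuild.append(name)
            continue
        restore_point = snaps[i - 1]
        plan.append({
            "device": name,
            "tier": tier,
            "restore_point": restore_point,
            # Clean work done after the restore point that the restore discards
            "lost_clean_window": infected_at - restore_point,
        })
    plan.sort(key=lambda r: (r["tier"], r["device"]))  # most critical first
    return plan, rebuild

if __name__ == "__main__":
    plan, rebuild = plan_restores(DEVICES, SNAPSHOTS)
    for r in plan:
        print(r["tier"], r["device"], r["restore_point"], r["lost_clean_window"])
    print("rebuild:", rebuild)
```

The `file-srv` case shows why retention matters when a breach goes undetected for a long time: if the infection is older than the oldest retained snapshot, there is no clean restore point left.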

The Aftermath

The management team conducted a series of post-incident reviews to evaluate the security response and recovery plan execution, as well as to examine the root cause of the incident. The organization used these reviews to further optimize its disaster recovery plan. Going through the crucible of a real-world event allowed the team to identify which parts of the recovery response worked and which components needed more work.

What MSPs Can Learn from this Real-world Example

Preparation is Key

The successful recovery in this example is a testament to the organization’s preparation. Having a plan in place enabled the organization to skip past figuring out what to do and immediately jump into mitigation and remediation.

MSPs who want to provide top-notch disaster recovery to their clients must have a DRP in place. Having an actionable plan that identifies not only what to recover, but how to recover it and in what order, is paramount to being able to quickly restore clients to full business operations.

Backups are a Must-Have

The critical element of this organization’s successful recovery was its backups. Thanks to their regular backups (and associated retention policy), the recovery team was able to restore systems to a state before the malware was present.

Backups are the quickest and most cost-effective way to restore data that has been lost or corrupted. According to Sophos’ State of Ransomware 2023 report, nearly half of all companies that recover from backups can restore their data within a week. And those organizations that leveraged backups incurred half the recovery cost of those that did not.

True business continuity and disaster recovery is only possible if an MSP is backing up their clients’ data regularly.

DR Plans Should be Regularly Maintained

Disaster recovery planning is not a one-and-done activity – it must be continuously reviewed and updated. In this case, the financial institution knew exactly who was supposed to do what, who they were supposed to contact, and what actions they were supposed to implement.

MSPs should be maintaining their clients’ DR plans, continuously updating them to reflect changes to the client’s business, including organizational changes that affect the recovery team and their points of contact inside and outside the organization.

Creating a Disaster Recovery Plan

Not having a recovery plan in place is one of the biggest mistakes that a business can make. But even with a DRP in place, it is important to avoid common mistakes to ensure the plan is correct, complete, cohesive, and actionable.

4 Components of a Thorough Disaster Recovery Plan

Correct – A plan is only as strong as its weakest link. Errors can derail recovery or make the incident worse. DRPs should be thoroughly reviewed by subject matter experts to identify errors before the plan is needed.

Complete – Omissions to the plan can leave an organization without immediate guidance, delaying recovery. Ensure the plan considers all credible threats so that the recovery team is not left to manage a disaster response on the fly.

Cohesive – All steps in a recovery plan must work together so that measures to recover one element do not have unforeseen consequences that hinder overall business continuity and recovery.

Actionable – Recovery steps must be actionable if the response is to be successful. Thorough testing offers the most effective method of evaluating the effectiveness of the recovery steps.

Common Mistakes in Disaster Recovery Plans

Common mistakes that can cripple an otherwise good disaster recovery plan include:

  • Failure to identify relevant regulatory and contractual incident notification requirements and ensure compliance to avoid penalties.
  • Failure to correctly identify and prioritize critical systems and business operations using risk assessment-based processes.
  • Failure to correctly calculate worst-case recovery point objective and recovery time objective requirements.
  • Failure to identify key personnel responsible for actioning the recovery plan.
  • Failure to include a communication plan to handle items such as staff updates, shareholder briefings, and press releases to manage reputational impact.

How Axcient Can Help

Flexible BCDR

Axcient provides comprehensive and reliable backup and disaster recovery solutions. With a recovery point objective (RPO) of just 15 minutes and a recovery time objective (RTO) of less than 1 hour, Axcient x360Recover can deliver near-instantaneous disaster recovery.

With flexible deployment options, including appliance-based and direct-to-cloud deployments, it’s easy to implement either a traditional BDR plan or a cloud disaster recovery plan.

Axcient BCDR in Action

In 2021, Kaseya, a Florida-based IT services business, fell victim to an APT linked to the Russian state. The attackers compromised security applications used by Kaseya’s clients, performing a supply chain attack and spreading ransomware across the large customer base.

One affected organization was the New York-based MSP, Progressive Computing. They discovered that all of their 2,500 endpoints, including 250 servers across 80 clients, plus their MSP, were encrypted on the last working day before the July 4th weekend.

However, Progressive Computing was prepared, thanks to their partnership with Axcient. Axcient’s BCDR platform and Progressive Computing’s disaster recovery plan allowed them to quickly initiate disaster recovery procedures, determining the exact moment their systems became compromised and recovering from backups taken immediately before that time.

You can read more about how Progressive Computing recovered from this disaster in this case study.

Eliminate the Need for a Disaster Recovery Site

Axcient x360Recover Direct-to-Cloud eliminates the cost and complexity of a local appliance or data center. Back up all remote endpoints, desktops, laptops, servers, and workstations directly to the secure Axcient cloud, the public cloud, or even a private cloud.

Keeping offsite backups in the cloud ensures business continuity when the main site is damaged or office space is inaccessible due to a major incident. And with failover options like Virtual Office, x360Recover can also act as a hot site in the case of a disaster.

Conclusion

Disaster recovery plans are a critical asset for today’s businesses. From cyber attacks to natural disasters to human error, organizations need to be ready to remediate data loss and return to normal operations.

A successful recovery plan must be complete, correct, cohesive, and actionable. Proving out these features by comparing the plan to real-world disaster recovery plan examples is an essential step, followed by thorough testing of the complete plan.

You can find planning resources and learn more about disaster recovery planning in the Axcient Resource Library, which includes valuable case studies and checklists.
