Cohesity: Is Your Enterprise Ready for a Modern Cyberattack?

The volatile cyber landscape has made one thing clear – cyber resilience is now a boardroom priority.
Organisations face an increasingly complex threat landscape, where the impact of an attack is catastrophic not just to technology and data, but to business operations and trust.
Businesses realise this and are pouring resources into security controls and backup infrastructure, yet the real test comes when an incident actually materialises and critical operations have to be restored under pressure.
This raises questions around recovery priorities, operational continuity, business dependencies and organisational preparedness, all of which are central to resilience planning.
As cyber threats continue to evolve and digital ecosystems become more interconnected, organisations are rethinking how they define recovery success and what it truly takes to return to normal operations.
In this Q&A with Cyber Magazine, Prashant Desai, VP Sales Engineering Europe at Cohesity, explores the key considerations shaping modern cyber recovery strategies and resilience planning.
Why do most cyber recovery strategies fail during a breach?
Most strategies fail not because backups are missing but because organisations don't recognise that cyber recovery is fundamentally different from disaster recovery.
In a cyber incident, the challenge isn't just restoring data, it's knowing what's safe to restore and in what order.
You're recovering from a malicious compromise, not a simple system failure. Delays are often caused by teams rushing to bring everything back at once, slowing recovery and risking the reintroduction of compromised data that ultimately leads to re-infection and extends the time to full recovery.
The real issue is not technology. It's the absence of a prioritised, trusted recovery plan that aligns business needs with technical execution.
What is a minimum viable company (MVC) in cyber resilience?
An MVC defines the smallest set of capabilities required for an organisation to continue operating during a cyber crisis.
It focuses on what must function to serve customers and meet obligations, not restoring everything at once as an equal priority.
It is also important to recognise that MVC planning and execution go beyond IT. It includes people, processes, technology and dependencies needed to operate under extreme conditions, many of which fall outside the remit of either the CISO or the CIO.
It's a business-led definition of survival. The increasing use of AI in organisations today further complicates this, with many more interlinked data set dependencies that must be considered.
By identifying what's critical in the first 24/48/72 hours and beyond, organisations can prioritise recovery efforts and avoid unnecessary risk, and MVC makes a critical shift in mindset from "restore everything" to "restore what matters most", in a fully trusted state.
How can organisations recover faster from cyberattacks?
Faster recovery is driven by reducing uncertainty and restoring trust. The biggest delays in responding to cyber incidents often stem from not knowing what's affected or whether systems are safe to bring back online.
It's vital to recognise that, in the aftermath of a cyberattack, some business processes will (and should) be unavailable for a period, but plan accordingly to ensure they don't impact the immediate return to core business-as-usual operations.
Leading organisations focus on validating and isolating clean data, then rebuilding in controlled environments. Capabilities like global search across backups, forensic validation and access to trusted rebuild assets achieve this.
Recovery speed is not just about how fast you can restore – it's about how confidently you can decide what to restore, and this is where the MVC can define the most critical operations that must function to make the organisation operational.
Why does restoring all systems at once increase cyber risk?
Restoring everything at once may seem efficient, but it often increases both risk and recovery time.
It prioritises speed over trust and allows the reintroduction of malignantly compromised systems, malware or misconfigurations into the environment, meaning attackers regain access.
A "bring it all back" approach can also expand the blast radius through operational overload, making it harder for security teams to validate what's actually safe.
The safest method is a deliberate one where an organisation restores just enough to operate. Typically, this starts with governance and communication, then identity and control systems, followed by business services and data.
Recovery should prioritise trust and integrity first, then scale. Bringing systems back too quickly without validation can simply recreate the conditions that led to the original breach.
How do communication breakdowns impact cyber recovery efforts?
Communication breakdowns are very often the first real point of failure in a cyber incident response.
In many cyber incidents, core systems like email or collaboration tools are unavailable or untrusted, meaning that response coordination fragments immediately, slowing progress and increasing risk, and this is often why these systems are prioritised by malicious actors.
Cyber recovery must be viewed as much as an organisational challenge as a technical one.
Establishing trusted communication channels outside the production environment is essential to maintain control and alignment during a crisis, so all teams can communicate with each other with clearly pre-defined contact lists and escalation path details to align on critical decisions, track tasks, and execute sequencing.
That's why governance and communication must be well rehearsed, well established and clearly documented, with extensive, full company exercises regularly completed to ensure an effective recovery sequence in a real attack.
What role do credentials and access controls play in recovery success?
Credentials and access controls are foundational to recovery because they establish trust. If identity systems are compromised or unavailable, organisations can't authenticate users.
This means they can't enforce privileged access, validate configurations or operate core tooling reliably, making recovery plans unworkable. Attackers can also use compromised credentials to regain access, redeploy malware or undermine recovery efforts.
That's why organisations must prioritise restoring a clean, trusted identity layer, often referred to as Tier 0, before anything else.
Without secure access control, you may restore systems but you cannot operate safely or confidently, and too often organisations only realise this mid-incident, with dependencies that were not initially recognised as recovery-critical, and the recovery stalls, even if the business systems are ready to be restored. This is another critical component of an effective MVC strategy.






