Gartner Research

Backup and Recovery Best Practices for Cyberattacks

Published: 22 June 2017

ID: G00321437

Analyst(s): Ray Schafer


Destructive malware and cyberattacks are causing unprecedented business losses as they increase in number and sophistication. This research provides guidance for technical professionals who prepare and use backup systems to ensure greater success in recovery from cyberattack.

Table Of Contents

Problem Statement

The Gartner Approach

The Guidance Framework

  • Prework: Organize for Cyberattack Recovery
    • Prework Phase 1: Establish a Cyberattack Response and Recovery Working Group
    • Prework Phase 2: Configure Backup Environment
    • Prework Phase 3: Prepare a Recovery Process and Environment
  • Step 1: Assess the Situation and Define a Recovery Plan
    • Step 1.1: Understand the Attack
    • Step 1.2: Identify Affected Systems
    • Step 1.3: Prioritize Recovery
  • Step 2: Recover Systems and Move to Production
    • Step 2.1: Identify the Recovery Mechanism
    • Step 2.2: Allocate Isolated Recovery Environment Resources
    • Step 2.3 Recover Systems and Data
    • Step 2.4: Scan and Cleanse
    • Step 2.5: Move Recovered Systems Into Production
  • Step 4: Improve IT Preparedness
    • Step 4.1 Understand the Response to the Attack
    • Step 4.2 Improve Recovery Protection for Cyberattacks

Risks and Pitfalls

  • Risk: Lack of Understanding the Attack Profile
    • How to Mitigate
  • Pitfall: Paying the Ransom
    • How to Avoid
  • Risk: Protect the Backup Systems
    • How to Mitigate
  • Pitfall: Storing Data on the Application or OS Disk
    • How to Avoid
  • Related Guidance

Gartner Recommended Reading

©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.