
The Dead Disaster Recovery Site: Modernizing Resilience for NIS2 successfully

Disaster Recovery vs. Cyber Recovery


  • Traditional DR protects against fire/flood, not hackers: Real-time replication often copies ransomware to your secondary site instantly.
  • NIS2 demands more than uptime: The new Dutch Cyberbeveiligingswet requires “business continuity management” that specifically addresses cyber incidents, not just physical disasters.
  • The solution is a “Cleanroom”: You need an isolated recovery environment to verify data integrity before restoring it to production.
  • Cost vs. Risk: Moving from physical secondary sites to DMaaS (Data Management as a Service) or cloud-based cyber recovery reduces overhead while increasing resilience.

Is Your Disaster Recovery Site a Ransomware Target?

If you are an IT Manager in 2025, you likely have a Disaster Recovery (DR) plan. You might even have a secondary data center—a “warm site” in a colocation facility in Amsterdam or an Azure region that replicates your production environment.

For decades, this was the gold standard. It protected you if your primary server room flooded or lost power.
But in 2025, your biggest threat isn’t a flood. It’s ransomware. And against ransomware, your traditional DR site might actually be part of the problem.
If you are replicating data in real-time to a secondary site, you are likely replicating the malware, too. When you hit the “failover” button, you don’t recover your business; you recover the virus.

This article explains why we must stop building “Disaster Recovery” sites and start building Cyber Resilience architectures—especially if you are a Dutch healthcare provider or essential entity facing NIS2 regulations.

The “Dirty Data” Problem: Why Traditional DR Fails

Traditional DR relies on Low RPO (Recovery Point Objective). You want to lose as little data as possible, so you replicate constantly.

  • Scenario: A hacker infiltrates your HIS (Hospital Information System) or ERP at 03:00 AM.
  • The Traditional DR Flaw: Your replication software sees the encrypted files or the hacker’s backdoor as “new data” and immediately copies it to your DR site.
  • The Result: Both your primary and secondary sites are compromised. You have redundancy, but you do not have resilience.

The Shift: From Disaster Recovery to Cyber Recovery

To survive a modern attack, you need a different architecture. We call this the shift from Availability (keeping it running) to Recoverability (getting it back clean).

| Feature | Traditional DR Site | Cyber Recovery / Resilience Site |
| --- | --- | --- |
| Primary Goal | Business Continuity (Uptime) | Data Integrity & Restoration |
| Trigger | Natural disaster, Power outage | Ransomware, Insider threat, Corruption |
| Data State | Always online, Replicated immediately | Air-gapped or Immutable |
| Network | Connected to Production LAN | Isolated (disconnected until needed) |
| Recovery Process | Instant Failover | Forensic Inspection (Cleanroom) -> Restore |

The “Cleanroom” Concept

A Cleanroom is an isolated environment (usually in the cloud) where you can mount your backups without connecting them to the production network.

How it works:

  1. Immutable Storage: Your backups are stored in a WORM (Write Once, Read Many) format. Ransomware cannot encrypt them.
  2. Mount & Scan: When an attack occurs, we spin up the Cleanroom. We mount the immutable backups.
  3. Forensic Check: We use AI-driven tools to scan the data for Indicators of Compromise (IoCs). We ensure the backup is free of dormant malware.
  4. Safe Restore: Only clean, verified data is moved back to production.
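The mount, scan and restore-decision steps above can be sketched as follows. This is an added example, not code from the article or from any vendor product: a SHA-256 IoC lookup plus a Shannon-entropy check stands in for the "AI-driven tools", and the function names, the 7.5 bits/byte threshold, the restore-point labels and all sample files are constructed assumptions.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def scan_restore_point(root, ioc_sha256, max_entropy=7.5):
    """Return (relative_path, reason) findings for one mounted backup."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:   # read-only: the scan never writes
                data = fh.read()
            rel = os.path.relpath(path, root)
            if hashlib.sha256(data).hexdigest() in ioc_sha256:
                findings.append((rel, "known-bad hash"))
            elif entropy(data) > max_entropy:
                findings.append((rel, "high entropy, possibly encrypted"))
    return findings

def latest_clean(restore_points, ioc_sha256):
    """restore_points: list of (label, mounted_path), newest first."""
    for label, root in restore_points:
        if not scan_restore_point(root, ioc_sha256):
            return label               # first clean hit is the newest safe copy
    return None                        # nothing safe to restore

def demo():
    """Build two constructed restore points and pick the one safe to restore."""
    dropper = b"constructed stand-in for a malicious binary"
    iocs = {hashlib.sha256(dropper).hexdigest()}   # constructed IoC feed
    base = tempfile.mkdtemp()
    clean, dirty = os.path.join(base, "02-00"), os.path.join(base, "04-00")
    for d in (clean, dirty):
        os.makedirs(d)
    with open(os.path.join(clean, "patients.csv"), "wb") as fh:
        fh.write(b"id,name\n1,Jansen\n" * 200)
    with open(os.path.join(dirty, "patients.csv.locked"), "wb") as fh:
        fh.write(os.urandom(65536))    # simulates a ransomware-encrypted file
    with open(os.path.join(dirty, "svc.exe"), "wb") as fh:
        fh.write(dropper)
    points = [("04:00", dirty), ("02:00", clean)]  # newest first
    return latest_clean(points, iocs), scan_restore_point(dirty, iocs)

if __name__ == "__main__":
    print(demo())
```

Legitimately compressed or encrypted files (archives, media, database pages with encryption at rest) also score near 8 bits/byte, so entropy findings need an allow-list or a comparison against the previous restore point before a backup is rejected.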

NIS2, ISO 27001, and Dutch Compliance

In the Netherlands, the Cyberbeveiligingswet (implementing NIS2) imposes strict “Duty of Care” obligations.

The “All-Hazards” Approach

NIS2 explicitly mentions “Business Continuity Management” (Article 21). It requires you to consider an “all-hazards approach.” This means your DR plan cannot just account for a power outage; it must account for a cyber incident.

If you are audited under NIS2 (or ISO 27001:2022), an auditor may ask:

“How do you ensure that your failover site is not compromised by the same incident that took down your primary site?”

If your answer is “we replicate everything instantly,” you may fail the audit. You need to demonstrate segregation of duties and immutable copies.

Practical Steps: Modernizing Your Resilience Strategy

You don’t need to scrap your existing investment, but you do need to harden it.

Step 1: Implement “Immutable” Storage Immediately

Whether you use NetApp, Commvault, or Microsoft 365 backup, ensure that your backup target is configured as immutable. This is your “break-glass” copy that no admin credential can delete.

Step 2: Stop Relying Solely on Replication

Replication is for availability (RTO). Snapshots and Backups are for recovery (RPO). You need both. Ensure you have a “Gold Copy” that is not accessible from the main network.

Step 3: Test Your “Cyber RTO”

Most IT managers know how long it takes to fail over (e.g., 4 hours). But do you know how long it takes to:

  1. Identify the breach?
  2. Isolate the network?
  3. Spin up a clean environment?
  4. Scan 10TB of data for malware?
  5. Then restore?

This is your Real-World RTO. It is usually measured in days, not hours. Reducing your Real-World RTO by automating the “Cleanroom” process is the key here.

Checklist: Is Your DR Site Cyber-Resilient?

Use this checklist to assess your current strategy against 2025 standards.

[ ] Immutability: Is there at least one copy of data that cannot be modified or deleted (even by root/admin)?
[ ] Air-Gapping: Is your backup storage logically or physically separated from your production network?
[ ] Cleanroom Capability: Do you have a pre-configured isolated environment to test/clean data before restoring?
[ ] Identity Isolation: Are the credentials used for backup management separate from your standard Active Directory domain admins?
[ ] 3-2-1-1 Rule: Do you have 3 copies, on 2 media, 1 offsite, and 1 immutable/offline?
[ ] Documentation: Does your Incident Response Plan (IRP) specifically detail the sequence of recovery for a ransomware event (not just a server failure)?

FAQ: Common Questions

Q: Does Microsoft 365 count as a Disaster Recovery site?
A: No. Microsoft ensures the infrastructure (Exchange, SharePoint) is running, but they do not protect your data from corruption or deletion. If a user deletes a file or ransomware encrypts your OneDrive, Microsoft replicates that deletion/corruption. You need a third-party backup solution for true resilience.

Q: We use Veeam/Commvault/NetApp. Are we safe?
A: Buying the tool is not enough; it must be architected correctly. For example, if your Veeam repository is joined to the same Windows Domain as your production servers, a hacker who compromises the Domain Admin can delete your backups. The difference lies in configuring these tools for “Zero Trust” resilience.

Q: Is a cloud DR site cheaper than a physical one?
A: Usually, yes. With a physical site, you pay for idle hardware “just in case.” With a cloud-based Cyber Recovery site, you pay for storage (cheap) and only pay for compute (expensive) when you actually need to test or recover. This is the model of Data Management as a Service.

Q: How does this affect our ISO 27001 certification?
A: The 2022 update to ISO 27001 (Control 5.30) emphasizes “ICT readiness for business continuity.” Moving to a Cyber Resilience model provides stronger evidence that you can recover from the most likely disruptive events (cyberattacks), helping you pass audits with confidence.
