BearingPoint’s Hisham Marie on business continuity and disaster recovery strategies and how they can be adapted to modern cyberthreats.
In today’s cybersecurity landscape, every organisation needs to be vigilant and proactive about protecting their systems from cybercriminals.
Regardless of sector, businesses need to ensure that their defences are up to date and that they have procedures in place to not only thwart a cyberattack, but also ensure that in the event of a breach, the disruption is as minimal as possible.
One method that’s commonly used for the latter is business continuity and disaster recovery (BCDR).
“BCDR is an organisation’s emergency playbook for staying operational during disasters – whether a cyberattack, power outage or natural event,” explains Hisham Marie, a principal cloud architect at BearingPoint.
“At its core, it’s about ensuring the business keeps running, no matter what the crisis is.”
For businesses, Marie explains this involves designing workflows and systems that can “pivot seamlessly” during disruptions, including how teams communicate when primary tools such as email or collaboration platforms are inaccessible.
“Think of it as rehearsing for emergencies: teams regularly simulate worst-case scenarios to ensure everyone knows their role when real disaster strikes,” he adds. “At its core, BCDR rejects complacency – it assumes no system or person is inherently safe.”
He says the ultimate goal of BCDR is to ensure that customers, employees and partners experience minimal disruption, even if recovery takes time. “Turning potential chaos into a well-rehearsed transition that keeps trust and operations intact.”
Old tactics, new threats
But while traditional BCDR can be beneficial, modern threats such as advanced ransomware and AI-driven attacks have exposed “critical flaws” in these strategies. As Marie explains, legacy BCDR approaches often depend on trust in internal systems, such as shared credentials between production and disaster recovery (DR) environments, and “redundant” infrastructure that mirrors or extends primary networks.
“These practices create fatal vulnerabilities, as attackers exploit inherited credentials to pivot from compromised production systems to DR sites, sabotaging backups and recovery tools,” he says. “Meanwhile, AI-driven threats amplify risks by automating reconnaissance, adapting to defences in real time and exploiting delays in manual recovery workflows.
“Traditional BCDR’s reliance on predictable attack patterns and static recovery plans crumbles under these conditions.”
According to Marie, the most glaring weaknesses in traditional BCDR are inherited trust in interconnected systems, unvalidated backups that fail under attack and rigid recovery strategies that assume attackers won’t target safety nets.
“Ultimately, the very principles of trust and redundancy that once underpinned BCDR now serve as its greatest liabilities in an era of autonomous, adaptive threats.”
One such example of traditional BCDR flaws being exploited was the 2017 attack on global shipping company Maersk, where the NotPetya malware bypassed defences by exploiting interconnected identity systems, hijacking Active Directory credentials to leap from production environments to disaster recovery sites.
“Backups, once a failsafe, were rendered useless because attackers had already compromised the credentials governing both systems,” says Marie. “This interconnected trust – a hallmark of traditional BCDR – proved fatal.”
Catching up
In order to combat these modern threats, Marie says that organisations need to rethink cyber resilience with three “non-negotiable” pillars: air-gapped isolation, identity separation for disaster recovery and adaptive testing.
“Air-gapped environments – physically separated from primary networks and inaccessible to attackers – ensure critical systems remain untouchable, even as ransomware encrypts production data,” he explains. “Equally critical is deploying distinct identity systems for DR sites, eliminating shared credentials that let attackers pivot from compromised production systems to sabotage recovery efforts.
“Resilience is then stress-tested through AI-driven attack simulations, replacing scripted drills with unpredictable scenarios that expose gaps before adversaries strike. Finally, predefined manual workflows – for payroll, logistics or customer support – ensure continuity when digital systems fail.”
Marie concludes that by combining these three pillars, supported by a broader business and communications plan that coordinates with employees, customers, citizens and regulators during recovery efforts, organisations can transform DR from a “passive backup into an impregnable last line of defence”.
Key to modernising BCDR approaches, according to Marie, is proper consideration and planning by security leaders and decision-makers.
“For CTOs and CISOs, BCDR isn’t just a strategy – it’s a lifeline. Modernising BCDR plans starts with ruthless prioritisation: categorising systems based on criticality and business impact,” he says. “Identify mission-critical operations like payroll and customer platforms that demand unyielding protection, while allowing secondary systems to accommodate temporary downtime.
“Incorporate alternative collaboration tools, such as backup email systems, into your strategy to ensure seamless communication during disruptions. Fortify essential systems with air-gapped recovery sites – keeping them completely isolated and secure from cyberattacks.”
He adds that to enhance this isolation, CISOs and CTOs should use different identities for the air-gapped site and avoid “synchronising identities with the main system”. They should also adopt zero trust principles as a cornerstone, validating every user, device and request “continuously”.
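As an added illustration (not from the article or from BearingPoint), the identity separation described above can be checked by comparing account inventories exported from the production and DR identity stores. The `Account` fields, the directory name `corp.example` and all sample data are constructed assumptions.

```python
"""Audit a DR identity store for trust inherited from production (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str              # login name
    cred_fingerprint: str  # hash of the credential or key material, from an inventory export
    source: str            # "local", or the directory the account is synchronised from


def audit_dr_identities(prod, dr, prod_directory):
    """Return sorted (account, finding) tuples for DR accounts that inherit production trust."""
    prod_names = {a.name.lower() for a in prod}
    prod_creds = {a.cred_fingerprint for a in prod}
    findings = []
    for acct in dr:
        # A DR account fed by the production directory falls when production falls.
        if acct.source == prod_directory:
            findings.append((acct.name, "synchronised from production directory"))
        # Identical credential material works on both sides of the gap.
        if acct.cred_fingerprint in prod_creds:
            findings.append((acct.name, "credential reused from production"))
        elif acct.name.lower() in prod_names:
            # Weaker signal: a mirrored naming scheme invites password reuse.
            findings.append((acct.name, "same account name as production"))
    return sorted(findings)


# Constructed sample inventories (hypothetical names and fingerprints).
PROD = [
    Account("svc-backup", "fp-a1", "corp.example"),
    Account("alice.admin", "fp-b2", "corp.example"),
    Account("bob", "fp-c3", "corp.example"),
]
DR = [
    Account("svc-backup", "fp-a1", "local"),          # same name, same credential
    Account("alice.admin", "fp-z9", "corp.example"),  # synchronised from production
    Account("Bob", "fp-d4", "local"),                 # name overlap only
    Account("dr-restore-01", "fp-e5", "local"),       # properly separated
]

if __name__ == "__main__":
    for name, finding in audit_dr_identities(PROD, DR, "corp.example"):
        print(f"{name}: {finding}")
```

A clean result is an empty list: every DR account is local to the recovery site and shares neither a name nor credential material with production.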
“Delaying action risks catastrophic downtime that some businesses may not survive. Yet, proactive investment in BCDR does more than shield operations – it creates a competitive edge,” says Marie.
“By prioritising what matters most and ensuring resilience, leaders transform potential crises into opportunities for trust and continuity, elevating business operations above the chaos.”