Do You Even DR Plan?
Your DR plan was probably written for an attacker that doesn't exist anymore.
Nine years at Zerto before Hivemindd. Hundreds of DR conversations. Almost every plan leaned on the same quiet assumption: when the bad day comes, the backups will be sitting there waiting for you.
Not anymore. Halcyon tracked attacker dwell time collapsing from 70+ days to a median of about 4. They get in, find the backups first, then detonate.
Here's the thing though. The vendors already built the answer. Veeam has hardened immutable repositories and SureBackup, which boots your backups in a sandbox to prove they restore. Rubrik built immutability into the filesystem and added anomaly detection. Cohesity has FortKnox for vaulted, isolated copies. Commvault built Cleanroom Recovery so you can restore into an environment the attacker never touched. Zerto's journal rewinds you to seconds before the encryption started.
So why does Sophos still show a split where half of orgs are back inside a week and the rest are staring at a 24-day average? For a mid-size manufacturer that gap is a keep-your-customers problem.
Because owning the feature and testing the feature are different things. I sold this stuff for almost a decade. The licenses were rarely the problem. The unturned-on immutability, the sandbox restore that never got scheduled, the journal nobody practiced rewinding: that was the problem.
So, whatever logo is on your backup console. When did you last run the scenario where the backups are the crime scene? Immutable copies only, recent snapshots assumed hostile, restore into a clean environment.
Not which platform you own. When you last proved it works under fire.
What did that test look like, and what surprised you?