How to Build True Cyber Resilience with Apricorn’s Kurt Markley

From the importance of offline, encrypted backups to lessons learned from high-profile ransomware attacks, we sat down with Kurt Markley, Managing Director, Americas at Apricorn to discuss what it really takes to build cyber resilience in today’s threat landscape. Read more in this in-depth Q&A interview:

What are best practices organizations can follow to set up a resiliency framework?

A strong cyber resilience framework is built on a foundation of proactive security measures, robust data protection strategies, and a well-defined recovery plan. One of the most effective and widely recommended approaches is the 3-2-1 rule. This best practice calls for keeping three copies of your data, stored on two different types of media, with one of them being encrypted and kept offsite and offline.

The 3-2-1 rule ensures that even in the event of a ransomware attack, hardware failure, or accidental data loss, you have secure backups that can be quickly restored. That is, if the organization has frequent, automated backups of clean data. A backup of old or corrupt data won’t help you recover – it will just bog you down and waste valuable time.

Tied to this, organizations should also generally implement encryption by default, ensuring that data at rest and in transit is protected from unauthorized access.

What’s the role of hardware in a cyber resilience plan?

Hardware plays a critical role in cyber resilience because, at the end of the day, if you can’t access clean, untampered data, recovery becomes nearly impossible. Encrypted hardware storage, such as secure USB drives and external hard drives, provides an offline, air-gapped backup solution that is immune to ransomware attacks, network intrusions, and cloud service failures.

The challenge with cloud and software-based backups is that they are always connected—meaning they are also vulnerable. A ransomware gang can encrypt cloud backups just as easily as local files if they’re accessible at the time of infection. Even if it’s not a cyber-attack, cloud storage that does not include an offsite backup is vulnerable. We saw this play out a few years ago in France where the OVHcloud data center was destroyed by fire. One of many issues was that the backups for many of the websites impacted were also stored in the same data center, meaning that businesses were not able to access their backups and had to stay offline.

While the OVHcloud data center story is somewhat unique, it’s a good example of why organizations must enforce regular, automated backups ideally to encrypted hardware storage that is stored offline.

By incorporating encrypted storage devices into the 3-2-1 backup strategy, businesses can ensure that they have tamper-proof, rock-solid backups ready for immediate recovery—no matter what happens to their networked systems.

Can you share examples of organizations that have not followed these best practices?

There are countless cases where companies failed to implement proper backup and resilience strategies—often with devastating consequences. We already covered the OVHcloud data center, but if we go back a little further, most people will remember the Not Petya ransomware attack from 2017. This attack crippled global organizations by encrypting their data and rendering systems inoperable. Many affected companies did not have offline backups, leaving them unable to recover without paying massive ransoms.

More recently, Change Healthcare suffered a ransomware attack that resulted in weeks-long system outages because their backups were also encrypted. Without secure, offline copies of their data, they felt compelled to pay $22 million in ransom to regain access.

On the other hand, organizations that prioritized offline, encrypted hardware backups have been able to recover quickly after cyber incidents. Those that routinely test their backups and ensure they are clean, complete and stored securely offline are in a much stronger position to restore operations without major disruptions.

What about cyber resilience in vertical markets?

Different industries face unique cybersecurity challenges, but one common denominator across all sectors is the need for secure, accessible backups as a fundamental aspect of cyber resilience.

• Healthcare: The healthcare sector is one of the biggest targets for ransomware attacks because hospitals and clinics cannot afford downtime. The Change Healthcare example from before illustrates this point. If patient records are locked, operations grind to a halt and health outcomes can be impacted.

• Manufacturing: Manufacturers are increasingly targeted by ransomware because of the rise in Industrial IoT (IIoT) systems that control critical processes. A cyberattack can shut down production lines, costing companies millions. According to research from my company, many manufacturers lack proper backup procedures, putting their supply chains at risk. 

• Retail and Finance: These industries handle sensitive customer data, making them prime targets for cybercriminals. Strong data encryption, paired with secure storage solutions for backup and archiving, helps ensure that even if attackers gain access to live systems, businesses can restore critical data without paying a ransom.

  
  

The bottom line? Cyber resilience isn't just an IT concern—it's a business continuity necessity across all industries that has a real impact on real people.

You’re in the business of storing valuable data. What’s a topic you want people to think about when it comes to data storage?

One of the most overlooked aspects of cybersecurity is data lifecycle management—specifically, auditing what data you store, where it’s stored, and whether you still need it. The larger your attack surface, the more data there is to protect, and the more difficult it becomes to manage security.

Organizations should regularly audit the data they are storing in the cloud to identify what they have and if they still need to be storing it in the cloud. In many cases there is information that an organization needs to keep but does not need to keep active or accessible via the cloud. For this type of data, organizations can store it offline in encrypted hardware storage. This dramatically reduces the risk of exposure to ransomware, data breaches, or insider threats—while ensuring compliance with regulations like GDPR and HIPAA.

At the end of the day, data is an asset—but only if it’s properly secured and available when you need it. Organizations must take control of their storage strategies, ensuring that critical information is both protected and accessible when needed, without exposing it to unnecessary risk.