5 steps to prepare for a cyberattack
First silence. Then chaos. In January 2024, the IT systems at Tietoevry, a major Nordic IT service provider, suddenly went dark. Across Sweden, hundreds of companies and public services that relied on its infrastructure were left paralysed. The impact was felt as high as the national parliament and Sweden’s central bank—all told, more than 60,000 employees were affected.
Behind it all was Akira ransomware: A fast-moving, highly disruptive malware that encrypted vast amounts of data and demanded a ransom.
But this wasn’t just an isolated incident. It is part of a growing wave of sophisticated cyberattacks that target Europe’s digital infrastructure. For many organisations who were caught unprepared, recovery was slow, expensive and painful.
Given the potential devastation, how can you be prepared when criminals go after your organisation for a ransomware attack?
1. Know your digital landscape
Most organisations don’t actually know what they’re defending. That’s a dangerous place to start.
You need a clear, up-to-date map of your entire digital footprint: servers, endpoints, SaaS platforms, shadow IT, third-party integrations, and critical data flows. This includes infrastructure you control and infrastructure you rely on (like your cloud provider, email service, or ERP platform).
Start with a risk assessment. What assets are mission-critical? What systems must stay online for you to function? Where is sensitive data stored and who has access? If you were hit by ransomware today, what would hurt the most?\
2. Strengthen your frontline defenses
Most organisations don’t get hacked because their defences were missing. They get hacked because their defenses were blind, misconfigured, or assumed something was safe when it wasn’t.
Modern attacks move fast, so your defenses must start with real-time visibility. You need to know what’s running, where it’s running, and who has access. Without this baseline, detection is guesswork.
Use logging, monitoring, and access control to establish normal behaviour and then flag deviations early. Enforce least privilege everywhere. Apply multi-factor authentication (MFA) to all critical systems, not just user logins.
Finally, be ready to respond.
3. Adopt decentralised, immutable backups
When ransomware hits, your backups are the first thing criminals go after. It’s a hard truth, and a real pain point for many.
If your data is backed up locally, or even just connected to your live systems, it’s vulnerable. And once those backups are gone, recovery becomes a negotiation - and that negotiation can become expensive and incredibly stressful.
The following architecture makes it practically impossible for a single breach to destroy both your live systems and your recovery options. It includes backups that are:
- Physically and logically separated from your primary systems.
- Immutable by default, meaning once written, data can’t be altered or deleted, even by the admins and especially not by the attackers.
- And automatically replicated across multiple, independent nodes for added redundancy.
4. Test those damn backups
There’s another problem to contend with: many backup systems are set up once, scheduled to run automatically, and then get largely ignored. This is not good enough of a strategy, but unfortunately, the most common one organisations rely on.
They make a dangerous assumption: backups will work simply because they exist. When a real crisis hits, it’s often discovered too late that the backups were misconfigured, incomplete, corrupted, or missing entirely. This is when a tear or two are shed.
A real test means restoring full systems, not just a few files. You need to simulate outages, measure recovery times, and verify that everything from databases to access controls can be brought back online. SpaceTime makes it easy to move from “we have backups” to “we’ve tested and recovered from failure.”
5. Stay compliant with EU regulations
When systems go down, regulators come knocking too.
In Europe, digital resilience is no longer just a best practice—it’s the law. Regulations like ISO 27001, GDPR, and NIS2 are raising the baseline for how organisations handle data, respond to incidents, and recover from disruption. And these are NOT optional for many sectors.
The takeaway? If you can’t explain and demonstrate your security posture today, you won’t be ready when scrutiny comes tomorrow. Whether from a regulator or a ransomware group.
So, when everything else is compromised, your backups are your last line of defence. SpaceTime makes testing and restoring backups seamless and cost-efficient, so you can build a resilient fallback system that actually works under pressure. Also, test those damn backups.
