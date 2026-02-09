Want resilience? Then, have a backup and recovery plan — and test it, advises the Veeam technologist.

No doubt about it: Artificial intelligence has accelerated cyberattacks and therefore the need for faster-than-ever response. Still, automation is only part of the best strategy for ensuring resilience in the face of attacks that will ultimately get through. You still need smart, alert people.

“You can’t move at the speed of AI, which is certainly a big piece of the equation, without automation, but people are a very important part of this,” said Mark Bentkower, principal technologist for the Americas at Veeam.

If for no other reason than regular users, sensitized to phishing email, can act as front-line protectors, organizations should keep people in the loops of all cyber operations, Bentkower said during Federal News Network’s Industry Exchange Cyber 2026.

“We talk about alignment of people, process and technology,” he said. “You need to have a proper alignment of those to reach a point of cyber resilience.”

Resilience leading the pack

Resilience in the event of an attack getting through has replaced the idea of a hardened perimeter and vulnerable interior as a sufficient cybersecurity strategy. The latter is incompatible with the principles of zero trust.

Zero trust “requires that you segment the inside, and that you’re going to give the least amount of permission to users and processes, so that they can’t easily move around inside,” Bentkower said.

On the people side of the equation, he said it takes more than the security operations center staff alone to maintain cyber resilience. Specifically, IT administrators responsible for data backup and recovery have an important task in ensuring resilience.

Insider threats and those motivated by ransom call for particular attention to the security of data and therefore of data storage and backup. Bentkower said strategies must keep up with how the technologies for data backup and recovery have changed because of evolution in storage and storage economics.

Faster recovery

“The idea that you’re going to put data from a disc onto a tape, and that tape is going off site, and that’s going to be your backup? That’s not going to work in a modern idea of backup and recovery,” he said. The idea of tiered storage remains, but nowadays the tiers are often different levels of online, cloud-hosted storage, starting with RAM.

It’s “less expensive to hold a gigabyte of data now than it used to be,” Bentkower said, “and it’s faster to move that data around. But at the end of the day, you still need to do the same amount of planning that you did before, and hierarchical storage management is still a thing.”

Coupled with higher levels of online service in the age of digital government, it all means agencies need to rethink acceptable recovery time and recovery point objectives. Continuity of service and operations — resilience — means an 8-hour cycle to find and spin up a because a DVD or tape cassette no longer suffices.

“A lot of customers will say, ‘Well, I have a recovery point objective of 15 minutes. I can’t lose more than 15 minutes’ worth of data,’ ” Bentkower said. “Now we’ve departed really far from that tape that I used to back up 25 years ago.”

By the same token, restoration has become more complex. “It’s not just putting data on a disk. It’s putting a completely running stack back into production,” he said.

Use of multiple commercial clouds has combined with increasing numbers of mobile and remote employees to make data security and management a highly distributed and shared affair, Bentkower pointed out.

Remote devices and users in turn have moved to the self-service mode for tasks like provisioning PCs or reporting lost or broken ones. It means solid endpoint device and identity management become crucial.

“Self-service is important,” Bentkower said. “And once you’re going to do that, you need to make sure you are authenticated and that the right person is being able to get to the right data.” That leads back to the need for a zero trust implementation, he added.

As for cloud, “very often the there’s a shared security model,” Bentkower noted. That is, the cloud services provider takes care of infrastructure security, and the customer agency remains responsible for its own data and applications.

In many federal situations, agencies have laws and regulations regarding data and data stewardship.

Regardless of whose infrastructure hosts it, Bentkower said, “the data itself belongs to the end user.” Particularly for compliance, “you need to be able to show chain of custody. For certain files you need to be able to show that nobody’s gone in and changed it.”

Loss vectors

In the era of fast, online storage hierarchies, security and IT operations people need to worry about two principal forms of cyberattacks, Bentkower said.

“One of them is the denial-of-service attack,” he said, “where the malware comes in and encrypts our data so you can’t use it.”

Second, and especially potent for the public sector, “we worry about the exfiltration, the stealing of data, where they’re going to take your data away and say ‘You pay me a ransom, or I’m going to expose your data to other people.’ ”

That’s one reason why hierarchical storage management still includes offline technologies for long-term or rarely accessed data which, nonetheless, is often critical.

A new worry comes from the threat of quantum computing-powered breaking of standard cryptography, Bentkower said.

“Is data that is encrypted today going to be vulnerable in five to 10 years, to being unencrypted and stolen?” he said.

In the meantime, protection strategies must start with what’s online now and extend back to data in long-term storage.

Especially because acceptable backup and recovery times have evolved from days to fractions of hours, Bentkower said agencies must regularly exercise their plans.

“When you start looking at what the damage would be to lose even three days or a week’s worth of data or to be down for that period of time,” he said, “it’s really important for organizations to look at incident response and to have a plan for regular incident response testing.”

More than an IT staff exercise, testing should include stakeholders from all parts of the agency participating in tabletop exercises, Bentkower said.

“And out of that, I think one of the things you’ll find is that, if your backups are more than a few days stale, that you may not actually be coming back up to business again,” he said.

Solid backup and recovery plans and regular testing will become all the more important as artificial intelligence comes deeper into the cyberattack and response field.

“Basically, the bad guys are now using AI to attack, which means the good guys have to use AI to be able to respond,” Bentkower said. He said he envisions AI-enabled security operations centers.

Returning to the topic of the human in in the loop, Bentkower said: “Where does the human being fit into all of that? You can’t trust the machines completely. But in the time it takes to touch the mouse, millions of cycles have happened. We need to be there somewhere.”

