Cyber Resilience in a Hybrid Cloud World

Why Isolated Recovery Environments and Strategic Planning Are the New Non‑Negotiables

Contents

Introduction
The evolving threat landscape
Why traditional disaster recovery or business continuity can fail
Business impact analysis: the foundation of resilience
Isolated recovery environments: the cleanroom approach to recovery
Understanding failure modes in the age of cyberattacks
Infrastructure as code: accelerating recovery with confidence
Communication and coordination during a cyber crisis
War game exercises: building muscle memory and revealing blind spots before they become crises
Regulatory expectations and the evolving compliance landscape
Quantifying the business case for cyber resilience
A strategic framework for resilient recovery
Making resilience part of your culture
Cyber resilience industry statistics sheet (2024–2025)
Citations & references
Glossary of terms
About Rackspace Technology

Introduction

Cyberattacks are a daily reality. Whether you’re running in public cloud, private cloud or at the edge, hybrid environments have expanded the attack surface. In the UK alone, 70% of large firms and 74% of medium‑sized businesses reported a breach in the past year.

And today’s attackers aren’t lone actors working on instinct — they’re organized, well‑funded and deliberate. Criminal groups and state‑sponsored teams spend weeks or even months conducting silent reconnaissance within an organization’s infrastructure before launching a devastating attack using advanced tactics to compromise critical systems. Their aim is to disrupt operations by targeting backups, identity systems and communications platforms. The impact?
Data loss, operational downtime, reputational damage, regulatory pressure and, sometimes, steep financial consequences.

You may think you’re ready because you’ve invested in backups and disaster recovery plans. But traditional controls often break down during modern attacks. Once systems are compromised, recovery can become chaotic, slow and costly — or even impossible.

This white paper offers a strategic view of cyber and operational resilience built around four essential pillars:

• Business impact analysis (BIA): Identify and map critical processes and failure modes, and quantify the cost of downtime
• Enhanced business continuity planning: Define cyber‑specific protection and recovery strategies
• Isolated recovery environments (IREs): Establish air‑gapped, immutable zones for clean restoration
• Infrastructure as code (IaC): Automate clean environment deployment using tools like Terraform, Ansible and others

Cyber resilience isn’t a product you can buy. It’s a business strategy. And recovery alone isn’t enough. You need the ability to resume trusted operations. That starts with planning, not just technology — and the time to prepare is before a crisis begins.

The evolving threat landscape

The nature of cyberthreats has fundamentally shifted. Where breaches once exploited convenience or poor hygiene, today’s threat actors operate like digital mercenaries. Today’s attackers aren’t just looking to steal or ransom data — they aim to disrupt, disable and destroy.

Threat actors are better equipped, more coordinated and increasingly deliberate. Many operate as part of well‑funded groups with access to zero‑day exploits, social engineering kits and automated reconnaissance tools. These include state‑backed actors, industrial saboteurs and organized cybercriminals. They often remain undetected for weeks or months — mapping internal networks and environments, elevating privileges and identifying chokepoints before launching a coordinated attack.

In 2024, a staggering 59% of organizations globally were hit by ransomware,
according to Sophos in a survey of 5,000 organizations ranging from 100 to 5,000 employees. More concerning, however, was the rise in attacks where backups and recovery infrastructure were directly targeted. UK‑specific data from the Cyber Security Breaches Survey (2024) indicates that 74% of medium‑sized businesses and 70% of large firms reported a material cyber security incident in the past 12 months. The average dwell time — the period an attacker remains undetected — is now 24 days, providing ample opportunity to observe, plan, and execute a coordinated breach across infrastructure, identity systems, and communications channels.

These threats aren’t just increasing in frequency — they’re evolving in sophistication. Attackers often gain access through phishing, social engineering, credential theft or by exploiting known vulnerabilities. Once inside, they move laterally across the environment to elevate privileges, identify critical systems and disable detection tools. Many have the capability to exfiltrate sensitive data and maintain persistence through custom backdoors or altered configurations. This methodical approach is designed to cause maximum disruption and extract maximum value — whether through ransom demands, espionage or outright destruction.

Cyber resilience can’t be treated as just another IT responsibili