Resource 2025-10 7 min
Backup evidence: proving you can restore (not just that you backed up)
Backups are only useful if restores are routine. Here is a simple model to produce recovery evidence and reduce ransom leverage.
Backups Resilience Ransomware
Backups are not evidence of recovery
A successful backup job proves only one thing: data was copied somewhere. It does not prove integrity, access, or actual restore capability.
Minimal recovery evidence pack
- Backup job success rate + last success date
- Immutable/air-gapped coverage statement
- Restore test results (what was restored, when, and by whom)
- Documented RTO/RPO assumptions
- Runbook for restores (steps and owners)
A supportable restore test cadence
- Monthly: small file restore test
- Quarterly: application-level restore (or representative VM)
- Semi-annual: “tabletop” ransomware recovery walk-through
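An added example, not part of the original page: one way to turn the monthly small-file restore test into an evidence record (what was restored, when, and by whom). It assumes a SHA-256 manifest was captured at backup time; the function names, file names, and operator are constructed for illustration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def restore_evidence(manifest: dict, restored_dir: Path, operator: str, test_type: str) -> dict:
    """Compare restored files with the hashes recorded at backup time and
    return an evidence record: what was restored, when, by whom, and the result."""
    results = []
    for rel_path, expected in sorted(manifest.items()):
        target = restored_dir / rel_path
        if not target.is_file():
            status = "missing"          # restore silently skipped the file
        elif sha256_file(target) != expected:
            status = "hash_mismatch"    # file came back, but not intact
        else:
            status = "ok"
        results.append({"file": rel_path, "status": status})
    return {
        "test_type": test_type,
        "tested_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "tested_by": operator,
        "files": results,
        "passed": all(r["status"] == "ok" for r in results),
    }

def demo() -> dict:
    # Constructed sample: three files in the backup manifest; the "restore"
    # returns one intact file, one truncated file, and omits the third.
    originals = {"hr/policy.txt": b"v3 policy", "fin/q3.csv": b"a,b\n1,2\n", "ops/runbook.md": b"# steps"}
    manifest = {name: hashlib.sha256(data).hexdigest() for name, data in originals.items()}
    with tempfile.TemporaryDirectory() as tmp:
        restored = Path(tmp)
        for name, data in {"hr/policy.txt": b"v3 policy", "fin/q3.csv": b"a,b\n1,"}.items():
            path = restored / name
            path.parent.mkdir(parents=True)
            path.write_bytes(data)
        return restore_evidence(manifest, restored, "j.doe (constructed)", "monthly-small-file")

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A restore job that reports success would still fail this test, which is the gap between a backup log and recovery evidence.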
What to avoid
- Backups stored on the same domain trust boundary as production
- No MFA on backup consoles
- Restores that require tribal knowledge (no runbook)
Quick actions
- Document ownership boundaries.
- Stage changes and verify outcomes.
- Measure and report monthly.