BTEX 2025: How to Raise Your Ransomware Readiness with Data Resilience

June 09, 2025

Article
5 min

BTEX 2025: How to Raise Your Ransomware Readiness with Data Resilience

CDW and Commvault data protection experts demonstrated how organizations must shift from reactive defence to proactive resilience through strategic planning, testing and recovery strategies.

CDW Expert CDW Expert
/

Ajay K. Sood (Left), Regional Director, Commvault and Rowena Samuel (Right foreground), Team Lead and Data Protection Solutions Architect, CDW Canada

“If you are strategic about your recovery from a cyberattack, you are going to recover almost three times faster than an organization that isn't,” said Rowena Samuel, Team Lead and Data Protection Solutions Architect, CDW Canada, speaking at CDW’s 2025 Business Technology Expo.

In a time when cyberattacks are not a matter of if  but when, organizations must ask themselves – how resilient is our data?

In a session focused on evolving ransomware threats across the Canadian landscape, Rowena Samuel, Team Lead and Data Protection Solutions Architect, CDW Canada and Ajay K. Sood, Regional Director, Commvault, shared insights on the importance of a data resilience strategy.

With a rise in cyberattacks that encrypt data systems, organizations are being subject to longer downtimes and heavy data losses, coupled with ransom demands. To avoid such cases, the speakers highlighted key resilience strategies that can help boost cybersecurity preparedness.

They also presented a fictional ransomware attack scenario to depict the implications of a successful attack and what organizations can do to stay ahead of attackers.

How cyberattacks adversely affect organizational data

Samuel opened the session, highlighting statistics from CDW’s 2025 Canadian Cybersecurity Study. “As of this year, in 60.5 percent of cases, we're seeing public cloud being attacked as part of an incident. The downtime for organizations that are being attacked has increased 15 percent year-over-year.”

As cyberattacks get more sophisticated, they can breach security defences and render data resources unusable. Such attacks often have damaging effects on organizations without a data recovery and protection strategy.

“Organizations that are prepared for an attack recover in an average of 12 days, whereas organizations that are not prepared can take up to a full month to fully recover their operations,” Samuel added.

Samuel emphasized the need for Canadian organizations to consider recovery and backups in their current data protection strategies. “Data resiliency, data protection and particularly data recovery are still key components of any cybersecurity approach,” she said.

Understanding your minimum viable business

Sood introduced the concept of the minimum viable business  – the threshold at which a business can survive during a cyberincident. He mentioned how it’s difficult for most organizations to go without their IT systems, stating, “Most of the enterprise executives that I speak to can’t tolerate one day without their systems, let alone a downtime of 14 days or 30 days.”

Yet, statistics show average recovery times after cyberattacks stretch up to a month. This disconnect between actual downtime and tolerable downtime can affect how an organization measures its cyberattack preparedness.

To bridge this gap, organizations should clearly define what workloads are critical, what infrastructure supports them and how quickly they must be recovered to avoid reputational and financial impacts.

Simulating a ransomware attack scenario

Sood presented a simulated ransomware attack scenario in what he called a Minutes to Meltdown exercise. The exercise walked through the various stages of a successful attack.

“Everyone has a bad day and someone having a bad day is probably going to click on a link somewhere within your organization at some time,” said Samuel as she pointed how most cyberattacks infiltrate security defences.

The attack begins with a click and slowly takes on the IT environment, cutting off key services and encrypting data resources. Critical systems are affected and suddenly, customers notice that they can’t access any of the services.

“So now you've got a situation where your business is halted, so there goes your revenue stream. You've also got an issue where your brand is being affected,” Sood added.

Within hours, the cybercriminals behind the attack ask for ransom and the affected organization often has to pay. But as noted by Sood, in most cases, that doesn’t solve everything.

“If you do pay the ransom, do you get your data back? Most of the time you don't, or you don't get all of it back. The average data recovery rate is about 60 to 70 percent,” he highlighted.

Data resilience relies on three key points

As the session concluded, both the speakers emphasized three key points that can help organizations improve their data resilience.

  1. An attack is inevitable: Organizations should prepare as if they will most definitely be hit by an attack sooner or later.
  2. Testing and planning is key: Preparedness requires active recovery testing and contingency planning in the event of an attack.
  3. It’s a team effort: Internal collaboration and working with partners can help reduce the chances of significant damage.

“The key is being able to accept the inevitability of failure planning, testing and more importantly, having a great team behind you like our partners at CDW,” Sood concluded.

“Planning and being prepared is really the key. And not just having a plan but testing that plan, circling back and reviewing that at regular interviews because the threat landscape is constantly changing,” Samuel added.

Samuel also mentioned how CDW’s data protection services and Commvault’s solutions can help organizations prepare, plan and test their resilience plans with expert-led teams.