The Best Laid Disaster Recovery & Cyber Resilience Plan
Resources | Blog

Lessons from a Year of High-Profile Ransomware Attacks

BY Ian Thompson

By Ian Thompson, Global CSO, Assured

October marks another Cybersecurity Awareness Month, and with it comes a familiar reality check: cyber threats continue to evolve faster than most organizations can keep up. Despite billions spent globally on prevention, the past year has shown that even the largest, most well-resourced enterprises can still be brought to their knees by ransomware and data breaches. Equally concerning is the fact that familiar methods of attack are still proving successful. IBM’s Cost of a Data Breach Report 2025 found that top initial attack vectors still include third-party compromise, phishing, and stolen credentials. It seems that despite widespread awareness of the nature and risk of cyberattacks, they’re destined to plague businesses of all sizes and public sector organizations for the foreseeable future. 

Ransomware’s high-profile victims
Over the past 12 months, numerous major brands have suffered serious cyber incidents that disrupted operations for weeks, and even months. In April, UK retailer Marks & Spencer was forced to suspend online sales following a ransomware attack linked to the Scattered Spider group. Then, in September, Jaguar Land Rover faced extended production downtime after a similar disruption hit its global systems. Meanwhile, in the US, CDK Global, a software firm serving car dealerships across the country, fell victim to an attack in June that paralyzed core business operations and customer services.

All these companies have vast resources, mature IT teams, and established security frameworks. Yet, as these incidents show, no one is immune. Every organization, regardless of size or sector, must prepare for the possibility that their cyber defenses will eventually fail. It doesn’t matter how much is spent on software, firewalls, or staff training – organizations need a robust plan for what happens when everything else goes wrong. 

Smartphones become a new front line
One of the most underappreciated, emerging cyber risks to enterprise comes from smartphones. The blurred line between personal and professional use means many employees now access corporate data, including email, documents, chat apps, and admin tools from personal phones. That convenience comes at a cost. Attackers are increasingly exploiting SMS-based phishing (smishing) and messaging scams to compromise credentials, deploy malware, and access corporate systems.

Unlike traditional phishing, smishing doesn’t stop at personal data theft. It can become the bridgehead into business environments, particularly when phones are connected to cloud email accounts or collaboration platforms. Hackers don’t need to target enterprise servers directly. They target the person with Outlook or Teams installed on their phone. One click on a malicious link, and that personal device can become a corporate attack surface. 

To reduce exposure to these types of attack, enterprises should enforce multi-factor authentication (MFA) on all business apps and use mobile device management (MDM) or enterprise mobility management (EMM) to enforce security controls.

Constant updates create new pressures for administrators
Increasing pressure on IT teams to keep up with an endless stream of security patches and updates is another overlooked issue that impacts on effective enterprise cybersecurity. With critical vulnerabilities being weaponized within hours of discovery, the old practice of wait and see, before deploying updates is no longer viable. However, this constant stream of updates has created a new dilemma for IT teams. More updates mean more downtime – a major challenge for organizations that operate around the clock. At the same time, there’s less opportunity to test patches thoroughly before deployment, increasing the risk of introducing instability or breaking critical applications. Add to that the constant barrage of alerts and patch fatigue, and the result is often human error, delayed responses, and greater overall exposure to risk.

In many cases, these pressures leave systems vulnerable, which is why robust backup and recovery capabilities have become essential safety nets. When updates fail, exploits emerge, or data becomes corrupted, organizations need to be able to restore clean, immutable data instantly.

Resilience is readiness
Cybersecurity Awareness Month is a reminder that prevention alone is not protection. Real cyber resilience means preparing for the day defenses fail, and knowing your organization can recover fast, clean, and with confidence.

There’s no question that immutable backup and disaster recovery should form the backbone of any modern cybersecurity strategy. Yet for many organizations, especially smaller enterprises and public sector bodies, cost and complexity have often been barriers to adoption. That’s where Assured’s managed service model, utilizing Rubrik’s natively immutable technology, makes the difference. By combining proven, zero-trust data protection with 24/7/365 proactive monitoring, alerting, and recovery support, Assured delivers enterprise-grade resilience without the overhead of managing it in-house. During Cybersecurity Awareness Month, it’s the ideal time to assess whether your organization could recover quickly if the worst were to happen, and to explore how Assured can help make that readiness simple and affordable.