Organizations spend three times more on prevention than recovery despite ransomware attacks succeeding globally every 32 seconds. Traditional disaster recovery focused on low-probability, high-impact scenarios like data center loss. Today's threat landscape centers on identity compromise through social engineering that bypasses technical controls, granting attackers direct access to Active Directory, Entra ID and authentication platforms. The scattered spider campaigns targeting U.K. retailers demonstrated how third-party help desk exploitation and admin credential theft can paralyze entire enterprises for weeks or months.

True resilience requires assuming compromise is inevitable and planning for rapid identity restoration across hybrid environments to minimize operational disruption.

In this session, Jerry Rijnbeek of Rubrik will discuss:

• Air-gapped, immutable backup architectures for Active Directory and cloud identity platforms;
• Proactive risk detection for dormant accounts and identity misconfigurations;
• Forensic capabilities that identify compromise timelines and scope before initiating recovery workflows.