According to the Certified Information Security Manager (CISM) Study Guide, the greatest challenge to the recovery of critical systems and data following a ransomware incident is the availability and integrity of backups. If the backups are unavailable or corrupt, it becomes much more difficult, if not impossible, to recover the systems and data. This highlights the importance of regularly testing and verifying the backup and recovery process to ensure that the backups are available and can be used in the event of an incident. Additionally, it is important to ensure that backups are stored securely and off-line to prevent them from being encrypted or deleted by an attacker.

first step in developing an information security strategy is to conduct a risk-aware and comprehensive inventory of your company's context, including all digital assets, employees, and vendors. Then you need to know about the threat environment and which types of attacks are a threat to your company1. This is similar to performing a gap analysis based on the current state3.