Podcast series: The Security Strategist

Guest: Sam Woodcock, Senior Director of Solutions Architecture at 11:11 Systems

Host: Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360Tech

In the recent episode of The Security Strategist podcast, host Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360Tech, spoke with Sam Woodcock, Senior Director of Solutions Architecture at 11:11 Systems. They discussed what he sees as one of the biggest issues in cybersecurity today: the gap between confidence and ability.

Their conversation, based on findings from the company’s latest global survey, revealed a troubling fact. While 81 per cent of IT leaders believe they are ready to recover from a cyberattack, many have already faced serious incidents, sometimes more than once a year.

Woodcock pointed out that this confidence can be misleading. “If you think about your cyber recovery planning, it often looks strong on paper,” he said. “That can create a false sense of security because cyber recovery is very complex.”

Cyber Recovery is Not Fixed

Woodcock explained that many organisations confuse documented plans with actual readiness. Cyber recovery is not fixed; it must change with the infrastructure, applications, and threats.

“Change is the only constant in this industry,” he noted. “Things are shifting daily and weekly. What you had in place today can quickly become outdated.”

Testing often suffers from time and budget constraints. Many companies test just once a year, if at all. Woodcock advises that quarterly testing should be the minimum.

“You’d rather find those issues now instead of during a real ransomware incident.”

The costs of misplaced confidence are high: prolonged downtime, growing financial losses, regulatory fines, and damage to reputation. Some survey participants reported recovery times of one to two weeks, while others took over a month.

The more alarming truth is the risk of getting reinfected. “Enterprises might recover from the first outage and then be hit again,” Woodcock warned. “That extends the recovery time and increases the risk and damage.”

How Modern Attackers Operate

One of the most revealing points from the discussion was how modern attackers operate once they gain access. A common way in is through VPN flaws and social engineering.

“One of the first things they will do is examine existing documentation within your organisation to understand your recovery strategy,” Woodcock tells Dua. “They’ll look at your company’s cyber incident recovery planning document.”

Attackers often target backup systems directly to wipe out recovery options before launching ransomware.

In one case, Woodcock mentioned, a company’s local backup systems were compromised. Luckily, they had maintained immutable cloud backups, allowing them to recover even after the primary backup environment was breached.

In other cases, entire primary environments were taken offline, forcing organisations to switch to secondary, isolated environments.

“You need a safe, trusted, clean space to recover your environment,” he said. “That way, you can understand how the attack happened and be confident that your recovery is clean.”

The idea of the "clean room," or an isolated recovery environment, has become crucial to modern cyber resilience strategies.

AI vs. AI: A Weapon & a Defence

The conversation also addressed artificial intelligence (AI), both as a weapon and a defence. Woodcock noted that cybercriminals are already using AI to refine phishing campaigns, increase attack frequency, and add complexity to evade detection.

“They’re using AI to potentially improve the language in social engineering attacks or to raise the frequency of attacks,” he said.

However, defenders are also making progress. 11:11 Systems collaborates with technology partners like Veeam, Cohesity, and Zerto, all of whom invest heavily in AI for spotting anomalies and providing real-time threat visibility.

These tools can help organisations identify when an attack began and find the last known clean recovery point. “It helps them make quicker decisions,” Woodcock added. “They can make better choices by using AI to find the right recovery point.”

However, he also cautioned against thinking that technology alone will solve the problem. “Technology by itself isn’t enough. It always comes down to the maturity level and expertise within the business.”

Looking forward, Woodcock does not expect ransomware sophistication to slow down. Enterprises now face double extortion tactics—not just encrypted data but also threats of public exposure.

“It’s not just ransomware encrypting data,” he said. “There’s also this evolving threat of being told that data will be made public.”

In an era where attackers study your recovery plan before you implement it, resilience is about proof, not just documentation.

Takeaways

  • 81% of IT leaders are overconfident in their recovery abilities.
  • Cyber recovery is complex and requires a robust plan.
  • Regular testing is essential for effective cyber recovery.
  • Organisations often overlook recovery strategies in favour of prevention.
  • AI is being used by cybercriminals to enhance attacks.
  • The frequency of cyber attacks is increasing.
  • Understanding application dependencies is crucial for recovery.
  • A clean recovery environment is necessary to avoid reinfection.
  • Decision-making during incidents can be time-consuming and impact recovery.
  • Building a strong security culture is vital for organisations.

For more information, please visit em360tech.com and 1111systems.com

Follow: @EM360Tech on YouTube, LinkedIn and X

11:11 Systems YT: @1111systems

11:11 Systems LinkedIn: https://www.linkedin.com/company/1111-systems/

11:11 Systems X: @1111systems