FBI launches new initiative to strengthen nation’s cyber resilience

The FBI is turning lessons from cybercrime investigations into action. Recently, the agency launched Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense), a new initiative aimed at strengthening the nation’s cyber resilience. Among the top 10 recommended actions: maintain offline, immutable backups and test restoration regularly.

In his video announcing the new campaign, Brett Leatherman, assistant director of the FBI's Cyber Division, said Operation Winter SHIELD “…distills what we've learned from real-world investigations, real victims, and real adversary behavior into 10 high-impact actions your organization can take right now to defend against cyberattacks.” According to the FBI, backups are routinely targeted early in intrusions, and resilience depends on isolation and tested recovery. The experience of the Cohesity Cyber Event Response Team repeatedly bears this out.  

Real-world consequences of inadequate backup strategy 

According to our recent research, nearly half of surveyed leaders (47%) expressed complete confidence in their resilience strategies, even as costly attacks continue to produce measurable financial fallouts. 

The importance becomes clear when examining actual business impacts. For any number of hours that a company is offline, that's almost certainly leading to lost revenue. In fact, according to the 2025 Cohesity Global Cyber Resilience Report, 87% of organizations suffered revenue loss due to a cyberattack.

What is an immutable backup?

It’s not enough to create backups. They must be protected, isolated, and proven to be recoverable. An immutable backup cannot be altered in any way. It should ensure the data is unchangeable, encrypted, or unable to be modified, and able to rapidly be deployed to production servers in case of destructive attacks.

Unfortunately, many organizations are only beginning to understand the importance of immutability too late, through events such as ransomware attacks and other business disruptions. Companies often think they're protected because they have a replica.

Don’t forget about testing

Disaster recovery (DR) is the process of restoring access to applications and data as well as functionality to IT infrastructure after disruptive events such as fire, flood, system failure, human error, or ransomware attack. The goal is to be operational amidst the disaster and return systems to normal as soon as possible. To recover successfully, you must test regularly—if you don’t, you won’t have confidence in your ability to restore. Automation helps reduce manual effort, helps implement best practices, and makes regular testing easier. Testing is also not just a “nice thing to do”—it’s a must. In fact, many standards organizations such as NIST, cyber insurers and regulations such as HIPAA require documentation that testing has occurred.

Comprehensive recovery requirements 

Modern cyber resilience requires more than just file or database recovery. Organizations need to ensure they can bring back their entire infrastructure stack, identity management and entire internal CRM tool or full application stack that runs your business. It's about bringing everything back to a state that allows people to continue doing business.

Be prepared 

Maintain offline, immutable backups—and test them often. It’s not enough to simply create backups—they must be protected, isolated, and proven to be recoverable. These are core capabilities of Cohesity Data Cloud, which includes our FortKnox vaulting solution. But true resilience comes from confidence that your data can be restored when it matters most. That’s why Cohesity encourages continuous testing and why our RecoveryAgent automates recovery validation to take the guesswork out of readiness. By routinely exercising these capabilities, organizations can turn backup strategy into a tested, trusted recovery plan.

Operation Winter SHIELD provides other practical tips to improve your organization’s cyber resilience. These tips include, "Track and retire end-of-life technology on a defined schedule," which applies to modernizing older storage infrastructure that is no longer actively supported by vendors as well as "Protect security logs and preserve for an appropriate time period," which immutable backup storage with longer retention can help with and do so cost-effectively.

Remember, recovery is more than restoring data and technology. It’s about preparing people, too. Every stakeholder, from IT and security teams to executive leadership, needs to understand their role in the recovery process. Cohesity helps organizations put these plans into action through ransomware tabletop exercises that simulate real-world attacks and identify gaps before they become crises. Our experts lead these sessions directly with organizations with your teams to strengthen coordination, communication, and muscle memory for rapid response.

At the end of the day, cyber resilience is a journey, not a checkbox. Cohesity is proud to partner with companies every step of the way to help them safeguard data, streamline recovery, and strengthen confidence in their ability to withstand whatever comes next.