The independent World Backup Day initiative, now in its 13th year, is dedicated to raising awareness about the increasingly prominent role of data in business and everyday live, as well as the importance of keeping this data protected from loss and infiltration by threat actors.
Reportedly beginning with a Reddit post expressing wishes that someone reminded the user about the importance of data backups, following a loss of said user’s hard drive, the campaign invites people to make the following pledge: “I solemnly swear to backup my important documents and precious memories on March 31st.“
With cyber threats such as ransomware constantly growing and evolving, wreaking havoc across company networks big and small, it’s vital that businesses have a strong backup and recovery plan in place that features multiple layers of protection. According to research from Backblaze, however, just over half (54 per cent) of businesses reported loss of data, with only 10 per cent backing up daily
“When preparing for any cybersecurity scenario, it’s important to start with backup, which is often the last line of defence in any cyber resiliency plan when it should be thought of first,” said Rahul Hirani, senior vice-president of product management at NinjaOne.
“People often put off backing up their data because they think they can just do it at another time.”
>See also: Cyber resilience: your last line of defence
Hirani goes on to identify six key steps to take towards proper backup preparation:
- Test, test, test: Ensure your backups are operational, secure, and restorable whether they are on-site or in the cloud.
- Double tap: Ensure redundancy; backup your backups. This can be a second cloud backup or another physical copy off-site.
- Look into your recovery time objective (RTO): Having a backup of your data is great, but making sure your data is recoverable in a short period of time is even more critical. This helps businesses avoid costly downtime, which can be a business-ending event for many SMBs.
- Don’t forget about recovery point objective (RPO): This is the maximum amount of acceptable data loss after an unplanned incident captured in an amount of time since the most recent backup. This will vary depending on the business. For example, some organisations may just need the most recent backup from close of business, while others require a backup from the point of failure.
- Secure the bag: Ensure your essential data is in an encrypted backup and airgap your backups if that’s possible with your backup solution of choice.
- Take backup practices home: Businesses large and small should take action, but it’s also essential to bring data backup practices into your everyday life. Your personal photos, phone contacts, and email conversations are important to you, so ensure you have a backup solution in place for your personal devices.
A two-pronged strategy
Whichever sector your business operates in, a two-pronged strategy is required to keep assets intact. This entails advanced, immutable copies of their data; and then the ability to not only backup quickly, but also restore rapidly and at scale.
“Given the valuable and sensitive nature of data, whether it resides in the public sector, healthcare, financial services or any other industry, businesses can’t afford to think about backup just one day per year,” explained Fred Lherault, field CTO EMEA/emerging markets at Pure Storage.
“Immutable copies are protected because they can’t be deleted, modified or encrypted — even if an attacker gains access to sensitive data. They are also relatively easy to restore, but depending upon the situation might not be a viable option.
“Traditional tape or disk-based backup can restore roughly one to two terabytes an hour. That’s not going to cut it for most organisations, as this could lead to hours or days of downtime which could cause immeasurable financial and reputational loss to the world’s biggest organisations. Thankfully, some flash based solutions can offer speeds of up to 270TB an hour, and are needed to get an organisation up and running with minimal negative impact.”
Shifting from 3-2-1 to 3-2-2 backup
Many business utilise an approach to backup that sees at least three copies of data stored across two local locations (on different media types), then at least one copy stored off-site, e.g. in the cloud — known as the 3-2-1 backup strategy. While recommended by bodies such as the US Government, there is an argument that the strategy can be insufficient against ransomware. It’s also been referred to as outdated in line with today’s market, by some.
With so much of business data operations now residing within cloud infrastructure that’s increasingly targeted by threat actors, it’s a good idea to have more than one copy of data hosed in a remote location — adhering to what would be a 3-2-2 strategy.
Corey Nachreiner, chief security officer at WatchGuard Technologies, explained: “There are nuances to how backup should be done as part of a ransomware defence strategy. Attackers often target backup services and disable them before an attack. Therefore, organisations should practice what’s called 3-2-2 backup, which maintains multiple backup sources off and online.
“Furthermore, companies need to be sure to test and prove their backups actually provide fast recovery – in addition to backing up regularly and implementing strong protections around the multiple copies of those backups – to avoid the “real-death” of their data in the event of a successful ransomware attack.
“Many organisations have proven not to have good backups, which is why ransomware is so effective in the first place. Make sure you set yourself up to be in a position where you will never have to give in to ransom demands. Whether it’s a customer database, a critical IP, or the gold standard virtual machine image, don’t just talk about backing up regularly; do it.”
When it comes to keeping data secure in the cloud, keeping costs optimised is proving vital for long-term success, given the scale flexibility that cloud infrastructure can provide at any given time. An array of factors that can contribute to rising backup bills, including the incorrect perception that all data is critical enough to need a backup; using the same backup strategy for all data; and a lack of visibility and granularity into backups, copies and solutions.
According to Adam Rusho, field CTO at Clumio, IT staff need to devote time towards discovering and removing unnecessary copies and backups. Then, backup strategies can be fine-tuned through gaining an understanding of underlying data.
“For large data lakes and warehouses,” said Rusho, “it can be tempting to simply protect the entire repository. With modern applications becoming powered by vast data lakes and data warehouses, the exponential data growth can increase the surface area at risk for breaches, ransomware, and accidental deletions. This is a path to ballooning costs.
“Instead, use a data discovery tool that allows you to explore component folders and objects, and intelligently assign policies. Companies must also back up data in immutable, air gapped cloud vaults in order to grant security for irreplaceable data.”
Proactive cybersecurity to complement backups
Lastly, it’s worth remembering that backup and recovery can only be truly complete and successful as part of a proactive cybersecurity strategy. With the cost and risk of partial or full restoration of assets being relatively high in relation to many businesses’ budgets, full visibility of all data stacks is critical.
“[Partial or full restore] is labour intensive, impacts availability, and can take many hours, days, or even weeks in the case of larger organisations. There is also a high risk that several generations of backup versions may still be infected if the ransomware entered the environment a while ago but was not detected at the time,” said Mark Jow, field CTO EMEA at Gigamon.
“Therefore, the modern digital infrastructure of most enterprises – with legacy systems paired with new technologies like cloud and IoT – requires security teams to think more proactively; they need to gain deep observability across their hybrid IT environment to eradicate cloud to core blind-spots and ensure threat actors have no opportunity to break in undetected.
“It is this proactive approach that will allow data backups to be just that – a ‘backup’ solution and a last line of defence if the worst happens.”
Why bother with ransomware? The rise of ‘low effort’ extortion attacks — In this article, we explore the rising threat of ransomware-free extortion attacks on businesses.
ChatGPT vs GDPR – what AI chatbots mean for data privacy — While OpenAI’s ChatGPT is taking the large language model space by storm, there is much to consider when it comes to data privacy.