Today is World Backup Day, which is a good opportunity to remind you that you only have a couple of days left to get your hands on some free backup software courtesy of our AOMEI giveaway.
It’s also an opportunity to look at the continued importance of backups even in the modern world of clouds and SaaS applications. A new report from Crucial highlights the ongoing cost of data breaches, which rose 9.8 percent from 2020 to 2021.
There are also plenty of hints and tips on offer to help you make your backups effective and painless to carry out.
John Fung, director of cybersecurity operations at MorganFranklin Consulting, says, “Ransomware commonly targets backups to prevent companies from restoring them rather than paying a ransom. That is why backups should be stored offline or in a read-only format. Ideally, backups should also be geographically distributed. That way if a natural disaster, power outage, etc., knocks out an organization’s primary systems, the backups provide immense benefits.”
Jeff Costlow, CISO of ExtraHop, echoes this warning:
“Ransomware is a shadow that hangs over all organizations today. This World Backup Day should be a call for all organizations to examine how their backup and recovery plan weaves into their overall security strategy to ensure they are protected in the event of a ransomware attack.
“Sadly, organizations must take further precautions and cannot rely solely on their data backups. Today’s ransomware has become an advanced threat with the ‘hat trick’ of exfiltration, encryption, and software exploitation. It used to be that the sole endgame of ransomware was encryption. Deploy the ransomware, encrypt the files, and demand payment in exchange for the keys. Today, ransomware criminals have introduced payment incentives at multiple steps in the killchain, from exfiltration of data to exploitation of software. While it is key for organizations to ensure a strong backup and recovery strategy is in place for business continuity, they can no longer guarantee that their private data won’t be released.”
Rick McElroy, principal cybersecurity strategist at VMware, reminds us that, “Testing the viability of backups is vital amid continued warnings from the Biden administration urging the private sector to immediately harden their cyber defenses. As geopolitical conflict spills over into cyberspace, organizations should test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack. Critical infrastructure providers, in particular, should operate under the assumption that they will be hit by targeted attacks. Prepare for the unexpected, test backups, and warm up incident response muscles.”
Ben Gitenenstein, VP of product at Qumulo, warns of the growing volume of data:
“Your data’s growth isn’t slowing down. And the amount of data growing in your system can outpace your IT or security team’s ability to back up and protect it. You need a backup solution that can keep up.
“What if you didn’t back up your data and disaster strikes? It’s not the end of the world — if you have disaster recovery. If your data is compromised, start by undoing the damage. Try reverting to the last good version of your data. Snapshots, data retention policies, consistent or tertiary sites, like the cloud, will all add layers of defense.
“A disaster recovery plan will help you get back on your feet and keep your business running after a worst-case scenario. But ideally, you won’t have to revert to DR because you protected your data in the first place.”
It’s important to regularly review your backup strategy, says Florindo Gallicchio, managing director and head of strategic solutions at NetSPI: “One way to do this is by ensuring that backups with all of the organization’s critical data are routinely, completely, and securely assessed — as this is a necessary step in recovering from a possible ransomware attack. These backups should be encrypted so that sensitive data is not disclosed and stored in such a way that an organization can recover its data in a timely manner, as this is necessary to minimize disruption to business operations. Additionally, organizations should regularly revisit and test disaster recovery and business continuity plans to validate that ransomware and other threats won’t impact the integrity of any backups.”
Adrian Moir, technology evangelist and principal engineer at Quest Software, says organizations must take responsibility for their data, even when it’s stored in the cloud. “Most businesses assume their data security is totally in the hands of their cloud providers, which can lead to unfortunate situations when data is not backed up. This is why organizations must follow the shared responsibility model, which discourages the ‘out of sight, out of mind’ attitude and reduces the risk of lost data. Unfortunately, those following the model struggle with backups from the cloud, because data is stored in slow object Blob storage and the system is designed for the endpoint user — not the IT admin’s backup experience. Going forward, we expect to see new approaches to APIs that provide faster data restoration and give cloud customers more control and speed over their backups.”
Finally, Steve Petryschuk, product strategy director at Auvik, offers five handy backup tips:
- Automate your backups! Don’t spend your precious time manually backing up your workstations and network devices.
- Check regularly to make sure your automated backups are running regularly.
- Make an off-site copy of your backup. That could be to the cloud, or to another physical location. You just don’t want all your data in one location.
- Test your backups! You don’t want to find out your backups are corrupted when you’re in need of them. Test restoring them often to ensure you have a solid recovery plan.
- Make sure you’re backing up as much as you can! We often think about workstations and servers to back up but don’t forget about other data types, like data hosted in your cloud services.