The end of March marks World Backup Day, a day traditionally designed to raise awareness of the importance of backup and encourage best practices. However, in 2024… Is backup still relevant?
It’s been well documented that the old ‘golden’ 3-2-1 backup rule is obsolete, but are newer methods all that more effective? Adversaries now actively go after backup systems during their attacks and combine this with issues such as data centre outages, misconfigurations, ‘sleeper’ ransomware, and supply chain attacks, backup no longer offers the protection it once did.
So, with so many issues surrounding current backup methods, what does World Backup Day look like in 2024?
Backups are under attack
The primary aim of cyber attacks is to wreak havoc by disabling, destroying, or interrupting operations through unauthorised access. Some attacks are set out by perpetrators simply wishing to cause as much damage as possible to their victims, while others are seeking monetary gain through their illicit activities. Whatever the end goal, backup systems can often impede this by allowing organisations to restore any compromised data with minimal disruption.
As such, in recent years the backup systems themselves have found themselves under attack. Scott Tucker, Consultant at ThreeTwoFour, a Node4 company, notes that “there is a concerning trend of backups being targeted and compromised. Ransomware strains such as SamSam and Ryuk are notorious for targeting backups as part of their attack, rendering them inaccessible and ineffective. VEEAM’s 2023 Ransomware Trends report indicated that in 93% of ransomware incidents, the threat actors targeted the backup repositories. This trend poses a significant challenge to traditional backup strategies, as organisations may no longer rely solely on backups for data recovery in the event of an attack”.
Additionally, cybercriminals are developing more advanced methods of attack which, while not explicitly targeting the backup systems, seek to manipulate or subvert them. For example, ‘sleeper’ malware won’t attack straight away; instead, it will lie in wait on the infected device until a certain date/time and then, when it reveals itself, backups may fail because the malware, while in stealth mode, has been backed up along with the rest of the network.
Let’s keep it clean
Despite the fact that old backup methods are proving less and less effective, the simple truth is that they are still an absolute necessity. As long as threat actors are still seeking to alter, encrypt, or destroy data, backup systems will remain important. “But now a key target for cybercriminals, the main focus should be on clean backups and recovery”, states Darren Thomson, Field CTO EMEAI at Commvault. “Anomaly detection and early warning systems are essential to this. Only then can businesses stay ahead of the game and prevent cybercriminals from infiltrating backups in the first place. By getting closer to data, particularly the most critical datasets, any unusual activity – such as the encryption of a file – should be analysed and, if it is found to be malware, stopped in its tracks before it has the chance to spread.
“However, clean backups are only useful if you have a clean environment to recover into. In addition, a recovery plan that is not tested is no recovery plan at all! The issue is that properly testing and recovering to a clean environment (a “cleanroom”) has historically been very expensive and complex”.
So, what’s the solution?
Turning to cloud providers
As with many technological advancements or trends in recent years, issues surrounding backup have sought to be remedied through the utilisation of cloud computing.
It’s undeniable that the cloud can offer some great solutions, including air-gapped technology that can prevent hackers from accessing or deleting backups; however, there are still considerations. Terry Storrar, Managing Director at Leaseweb UK explains: “Of all the different services available through the cloud, cloud backup is arguably the most popular. This is understandable when considering the benefits of the simplicity and scale of cloud computing and it’s certainly something that provides tremendous benefit to organisations. However, not every cloud backup solution is created equal. Organisations need to ensure that they are choosing a trusted cloud hosting provider that offers comprehensive expertise, 24/7 support and robust disaster recovery solutions”.
Myles Currie, Product Manager – End User Compute at Six Degrees furthers: “If your organisation is transitioning workloads to public cloud, you may well have concerns around losing control of your data. These aren’t unfounded – SaaS providers take backups to ensure the integrity of their services, but they will not take responsibility for data loss that results from accidental deletion, malware or operational errors. This year’s World Backup Day is an opportunity for organisations to consider how they protect data stored in public cloud environments. I recommend partnering with a trusted data protection provider to hand control of your mission-critical data back to your organisation”.
Data is changing
The world (and data) is changing. Cybersecurity methods that worked 10 years ago, or even 10 months ago, are simply not going to work and as such, backup methods need to evolve. And fast.
Tim Sherbak, Product Marketing at Quantum notes: “Backing up data has been a necessity for decades for organisations to keep their data safe and recoverable. Now that AI has burst onto the scene, especially in the last year, the data organisations are accumulating – and increasingly storing forever – holds the potential for far greater value than ever before … Organisations need to be confident that they can restore their data in the event of a cyber-attack or natural disaster. Having a rock-solid data protection strategy and a tried and tested disaster recovery plan are essential. With increasing regulations and corporate recognition of inherent risk around the use of AI, retaining model training and input data is also non-negotiable for documenting solutions, explaining the models and their outcomes, complying with internal policies and mitigating legal risks. Massive data growth and its required retention will drive the need for new levels of cost efficiency and accessibility in our data protection solutions”.
So, with all this change, organisations must ensure that, above everything else, they keep data protection front of mind. Kevin Cole, director, product and technical marketing, data protection at Zerto, a Hewlett Packard Enterprise company summarises: “As the old saying goes: the best time to put in place a modern data protection strategy was yesterday; the second-best time is today. However, for most people there’s a simple reality: backup is boring. It doesn’t get the same hype as the latest trends in IT, whether artificial intelligence, cryptocurrency, or Web 3.0. It can be hard to get attention for a computing practice that dates many decades.
“Yet, backup remains more relevant than ever thanks to the explosive growth in data, distributed from edge to cloud, and an ever-evolving cyber threat landscape. Backup is still one of the foundational pillars in data protection alongside disaster recovery, archive, and cyber recovery”.