World Backup Day: 3-2-1, ready?

It’s World Backup Day, as always at the End of March. In 2024, the technology landscape has changed, with (generative) AI all over the place and more and more cloud offerings on the market. What does that mean for Backups and how do companies ensure they have a solid backup strategy? We put together some commentaries on the subject…

Jon Fielding, Managing Director, EMEA, at Apricorn.

“World Back Up Day is an opportunity to reflect on the importance of a solid backup strategy which remains the best last line of defence against ransomware attacks. The reality is that 24% of organisations suffered a data breach due to ransomware in 2023, up from 15% the previous year, revealing that few have robust processes in place, according to an Apricorn survey. Such attacks are set to increase thanks to Generative AI, warns the NCSC, and efforts to destabilise the ransomware economy by the authorities appear to be ineffective, with groups such as LockBit making a return. Such developments make it even more pressing to ensure backup processes are in place that are correctly used and regularly tested.

“Almost two-thirds of companies lost data due to failed backups last year, as revealed in the Apricorn annual survey, indicating that backup processes are not being regularly tested. Of the 90% of companies that needed to recover, only 27% were able to retrieve all of their data. What’s more, almost a quarter admitted they didn’t have backup processes that would facilitate rapid recovery, which can determine how effectively a business rebounds. This may be in part to an overreliance on cloud-based processes, as on-premise or local backup solutions are widely recognised as providing the quickest means of recovery.

“Data recovery rates may be suffering due to the move to the cloud and use of SaaS applications leading organisations to assume data backup is included. Cloud Service Providers (CSPs) do not automatically provide data backup services for customer data and nor do SaaS providers. So, in the event of data loss or a ransomware attack where there is no viable backup, that data becomes irretrievable. Where backups are offered, the pricing is notoriously complex with multiple charges for storage, testing and data transfer as well as being difficult to manage. This can have a detrimental effect, with organisations cutting back to a bare-bones backup function. However, others are instead taking the opportunity to revert to an on-premise option.

“Another cause of the poor recovery rates is likely to be user error. The growth in remote and hybrid working has seen businesses effectively pass the responsibility to the user who then resorts to performing backup manually. Manual backups were performed in 48% of companies in 2023 compared to just 6% in 2022, revealed the Apricorn survey. Manually backing up data can see data saved incorrectly with it seldom duplicated to a central location. This creates a single point of failure, which is why the 3-2-1 rule has become even more relevant today. It advises that at least three copies of data are retained, with at least two stored on different media, and at least one held offsite, such as on an encrypted removable hard drive or USB, to air gap the data from any online threat.

“Finally, there’s another important consideration that is seldom mentioned with regards to backup and that’s encryption. If data does become compromised and falls into the wrong hands, encryption can ensure that it remains unintelligible. Applying data encryption across the business as standard is therefore advisable, providing a belt and braces approach that complements backup by protecting data in use, in transit or at rest.”

Candida Valois, Field CTO, Scality

“Backups have become a popular target for cybercriminals as they’ve learned that an organization is more likely to pay a ransom if their backup data has been compromised. Reports show 93% of attacks target backup repositories with a 68% success rate. And in 75% of these events, cybercriminals succeed in debilitating their victims’ ability to recover. This year’s World Backup Day therefore no longer serves as simply a reminder to back up data, but also to make sure those backups are protected.
Immutable storage has emerged as a vital solution to protect those backups, cementing its position as a must-have capability within an organization’s security toolkit. In fact, a recent survey revealed that 69% of IT leaders consider immutable storage essential to their corporate security strategy. However, what is not getting enough attention is that not all immutable storage is equal. To strengthen their security postures, we’ll see more organizations take a much-needed closer look at their immutable storage solutions to determine if they are truly immutable. They will begin to understand the five key areas that constitute “true immutable storage” and include no deletes or overwriting ability, instant data store lockdown, configurable retention policies, support for S3 Object Locking APIs, and compliance mode to prevent immutability configuration changes.”

Related:   CTEM - useful or just another acronym?

Neil Jones, Director of Cybersecurity Evangelism, Egnyte

“World Backup Day reminds us that data protection is only as good as your organization’s level of cybersecurity preparedness. With more than $1 billion paid in global ransom payments in 2023, data backups have become mission-critical as organizations seek to recover from ransomware attacks (and other debilitating cyberattacks) in days or hours rather than weeks or months. 

The best advice I can offer is that organizations must take their Incident Response (IR) programs seriously, and a viable Business Continuity and Disaster Recovery plan needs to be a vital component of that larger IR program. Here’s why: In the event of a significant cyberattack, users can’t stay productive without just-in-time access to their data, and even minutes or hours of data interruption can have a major impact on employees’ productivity and a company’s bottom line. 

In addition to protecting themselves against cyberattacks, companies struggle to manage the vast amounts of data they generate in today’s AI-driven work environment while adapting to global data privacy regulations that are changing frequently. As a result, it is extremely important to test your company’s backup environment regularly before a potential cyberattack, technical malfunction, or employee error that could make your data inaccessible. 
On World Backup Day, I’m reminded that simple, inexpensive approaches like implementing effective data protection procedures, reducing data sprawl, and restricting users’ access to information on a ‘business need to know’ basis can majorly impact data security now and in the future. Another proven- and inexpensive- approach is encouraging users to take proactive steps to back up their organizational data and to “say something if they see something” unusual in their everyday IT environments.”

Carl D’Halluin, CTO, Datadobi: 

“This World Backup Day, I want to remind everyone that protecting your data with backups isn’t just a technical formality. Given the virtually unavoidable risks of ransomware, malicious or accidental deletions, and countless other threats – it’s absolutely crucial for the health of your business.

The first step? Get your arms around your data. You cannot protect it, if you do not know what you have. Then…

A well-thought-out and tested data backup strategy, together with a combination of robust data security and management solutions, can significantly enhance operations resilience. Add to that the crucial but sometimes missed step of a “golden copy” (i.e., an immutable copy of your business-critical data in a secure and remote site) and your business will be protected today, as well as ideally positioned to support business continuity well into the future.”

Oleksandr Maidaniuk, VP of Technology, Intellias

“Data is the virtual lifeblood of today’s organizations, so as World Backup Day 2024 rolls around, we need to appreciate how crucial regular data backups are for keeping our businesses running without interruption, even in the face of a simple outage or a manmade or natural disaster.

Of course, implementing a seamless backup and disaster recovery (DR) strategy is easier said than done, due to the complicated interplay of technological, regulatory, and operational factors. The heterogeneous nature of data and technology platforms and the increasingly complicated and stringent compliance mandates combined with the need to minimize – if not eliminate – downtime requires a nuanced approach.

At the end of the day, it all boils down to knowing how to strike the perfect balance between protecting all our data thoroughly and using our resources wisely. This way, we can get back on our feet fast after any setback without disturbing our daily work. Savvy folks in data management understand that if we don’t have this kind of know-how already in our team, we might need to team up with a reliable partner. This partner should be all about giving businesses the latest, customized backup solutions that do more than just keep data safe; they should fit exactly with what we need and want to achieve. The ideal partner will be just that – a partner that acts as an extension of your internal capabilities – enabling you to leverage advanced technologies like cloud storage, automation, and AI and in doing so, enhance the resilience of your businesses, making data protection seamless and reliable. On World Backup Day and every day, let’s pledge to prioritize backup, DR, and business continuity to ensure our data remains safe, our operations resilient, and our future secure.”

Leave a Reply

Your email address will not be published. Required fields are marked *