World Backup Day is an annual event that takes place on March 31st to remind individuals and businesses about the importance of regularly backing up their digital data. The day serves as a reminder to everyone to protect their valuable data from potential disasters such as cyberattacks, hardware failures, or natural disasters.
In today's digital world, data has become an essential part of our lives. We store a vast amount of data, including personal photos, videos, documents, and critical business information, on our electronic devices. Unfortunately, organizations often take this data for granted and fail to take necessary precautions to protect it. We heard from cyber leaders from across the industry on the importance of data backups and what organizations can do to safeguard their data in the event of a cyberattack. Tyler Moffitt, Sr. Security Analyst at OpenText Cybersecurity
“SMBs need to take backup seriously to avoid data loss and to protect against cyber threats. Developing a backup strategy, testing your backups, keeping backups offsite, encrypting your backups, and implementing a backup monitoring system are all critical steps to take on World Backup Day and beyond.
Develop a backup strategy: Start by assessing what data needs to be backed up and how frequently. Consider the type of data, its importance, and the impact of losing it. Then, decide on the backup location and method, such as cloud-based, physical backup, or a combination of both. I recommend the latter, but I can understand if budgets are in the way. That is also a primary reason why SMBs are targeted.
Test your backups: It's essential to test your backups regularly to ensure they're working correctly. Test backup data to make sure it can be recovered and is usable. Without these dry-run rehearsals, your backups could be useless or result in your team running around with their hair on fire during a time of crisis when you need to be calm and collected.
Keep backups offsite: If you store your backups onsite, they could be vulnerable to theft, fire, or natural disasters. Therefore, keeping backups offsite as well in a secure location is recommended. Cloud-based backup solutions offer this option to supplement any onsite solution.
Encrypt your backups: It's important to encrypt your backups to prevent unauthorized access to the data. Encryption ensures that even if someone gains access to the backup data, they won't be able to read it or use it for leverage on a leak site in data exfiltration cases, which are all too common.
Implement a backup monitoring system: A backup monitoring system helps you keep track of your backups and ensures they're running correctly. It alerts you if there are any issues, such as failed backups or insufficient storage space. Having snapshots and a running history of versions of files is crucial as well. In case any of the most recent versions were to become compromised, you can have copies that you know will restore correctly.” Corey Nachreiner, Chief Security Officer, WatchGuard Technologies “Real-world backups are crucial to a strong security strategy. Why? Just ask any organization that has had to learn this answer the hard way: backups can save your business.
With ransomware being one of the top threats confronting companies today, there is renewed appreciation for the value of backups. By providing the ability to recover files that have been encrypted by a threat actor, they enable organizations to eliminate the threat of a single-extortion ransomware attack. Remember, ransomware is just one way a company might lose data, so it’s also just good practice for disaster recovery.
That said, there are nuances to how backup should be done as part of a ransomware defense strategy. Attackers often target backup services and disable them before an attack. Therefore, organizations should practice what’s called 3-2-2 backup, which maintains multiple backup sources off and online. Simply put, 3-2-2 means three copies of data – two stored locally on different devices, and two offsite (e.g., a copy in a remote location, plus another copy in the cloud). Furthermore, companies need to be sure to test and prove their backups actually provide fast recovery– in addition to backing up regularly and implementing strong protections around the multiple copies of those backups – to avoid the “real-death” of their data in the event of a successful ransomware attack.
Every business has something of value that they might consider paying a ransom for if they lost access to it. And many organizations have proven not to have good backups, which is why ransomware is so effective in the first place. Make sure you set yourself up to be in a position where you will never have to give in to ransom demands. Whether it’s a customer database, a critical IP, or the gold standard VM image, don’t just talk about backing up regularly; do it.” Joseph Carson, chief security scientist and Advisory CISO at Delinea
"World Backup Day is a reminder for all organizations to review their backup strategy and ensure it is resilient against cyber attacks. Companies tend to increasingly rely on online backups, however, if they use the same credentials as their production systems for a speedy recovery, that makes it very easy for cybercriminals to access, exfiltrate or encrypt sensitive data with ransomware. Keeping a copy offline is only half of what’s needed to protect digital assets, and organizations should also implement privileged access security to restrict and closely monitor access to backups. A secure backup, rather than a speedy backup, is what will bring your business back after a cybersecurity incident. I recommend using World Backup Day to ensure that your organization’s strategy is top-notch."
Chris Vaughan, Vice President, Technical Account Management, at Tanium
"A cyberattack by means of ransomware, an unforeseen deletion by careless employees, or due to a software error, are real dangers for digitally stored data and the impact on the affected organization would be devastating.
According to a report by EconoTimes, around 140,000 hard drives fail every week. Despite this fact, only 20 percent of the companies surveyed secure their data with a backup. This makes it even more important to protect your digital assets against failure. Unlike physical objects, it is easy to make a copy of digital assets. If possible, this should be kept separate from the original data and shielded so that any cyber attack cannot spread to the backup copy.
Another aspect of data protection by means of backup is to ensure that the backup copy is kept as up-to-date as possible. This means maintaining a regular routine in which newly produced data is implemented into the backup and saved for the future. The more current the data status of the backup is, the less problematic it is to resume regular operations after an incident.
The permanent maintenance of an extensive and always up-to-date backup is, of course, associated with costs. But similar to an insurance policy, this additional financial expense is disproportionate to the devastating consequences of a total failure. It is also important not to be lulled into the fatal certainty that you are always careful and have not yet had to deal with a digital incident. Because when it comes to cyber attacks, the question is not if, but when.
Like fire insurance, a data backup is part of every security portfolio of responsibly managed companies. If someday the data is suddenly gone, you can rest much easier knowing that you have a backup copy up your sleeve." Glenn Gray, Director at Auvik Networks
"Backing up data and the network is not the most exciting task, but it is critical for business continuity, productivity and profitability of a company. Changes and updates to network configurations happen regularly, but documentation and backups of those configurations typically lags behind, leaving organizations vulnerable to network outages. Our recent report found 41.5% of IT teams are only updating network documentation monthly or less often, despite 53% reporting that configuration changes are happening daily or weekly. What’s more, 45% of IT teams do not fully know the configuration of their networks. These gaps make it far more challenging for IT teams and network managers to pinpoint and correct issues when the network goes down, and in these moments, speed is crucial. According to the information Technology Industry Council, one hour of server downtime costs most small and mid-sized companies $300,000, and can cost larger organizations more than $5 million. World Backup Day is a good reminder for IT teams and network managers to ensure that they have policies and capabilities in place to keep network configuration changes and documentation fully up to date, routinely backup network configurations and maintain a complete network map. These tasks are mundane, but incredibly important for ensuring business continuity and recovery in the event of a cyberattack or other network disruption."
Ricardo Amper, Founder and CEO at Incode
"Traditional identity systems are fraud-prone and easily stolen. The most powerful mechanism we have to strengthen our data backup and protection protocols is biometrics. Leaders in every industry should leverage their unique identity markers to eliminate fraud and data loss."