Let's Celebrate World Backup Day 2024 - Hear From Industry Experts : @VMblog

Article

Search:

Follow VMblog.com:

Improve end user experience in VDI, DaaS and physical endpoint environments

Let's Celebrate World Backup Day 2024 - Hear From Industry Experts

world backup day

It's that time of year again! No, not the time for holiday shopping or beach getaways. It's World Backup Day, a yearly nudge (or perhaps a gentle shove) for everyone to prioritize the often-overlooked task of backing up their data. While techies might scoff at the notion of needing a dedicated day for backups, the reality is that data loss can strike anyone, anytime. From a hardware malfunction to a nasty case of ransomware, irreplaceable photos, documents, and work projects can vanish in an instant.

This year's World Backup Day, which falls on March 31st, 2024, is a prime opportunity to re-evaluate your backup strategy. Are you relying on a single, aging external hard drive tucked away in a corner? Is your cloud storage on autopilot, with no recent verification? World Backup Day serves as a springboard to explore robust backup solutions, ensuring your digital life is safe and sound.

So, how can you celebrate World Backup Day 2024? Here are some tips:

Backup your data: Take some time to create backups of your important files and documents. This can be done manually or by using a backup software or a cloud-based service. Remember to include all your digital devices such as your computer, smartphone, and tablet.
Test your backups: It's important to ensure that your backups are working correctly. You can do this by restoring some of your files from your backup to your device and checking that they are intact.
Educate yourself: Learn more about data backup best practices and cyber threats. There are plenty of resources available online that can help you understand the importance of data backup and how to implement it effectively.

Don't take my word for it. Hear from some of the brightest minds in the backup and disaster recovery industry for more commentary and expertise.

Anthony Cusimano, Technical Director, Object First

Looking back at the past year of evolution in the backup industry, it’s become evident that backup admins are in dire need of more time and an updated strategy to ensure recovery. There are three peaks of opportunity to grant backup-minded individuals the effective tools required to secure data and peace of mind. The first is zero trust, which hasn’t been appropriately applied at large when it comes to backup. However, implementing a Zero Trust Data Resilience strategy that underlines data backup systems with immutable storage, contextual authentication, and strong access controls is key for enterprises to heighten their security posture against data attacks. Next, there’s encryption. Among today's advanced ransomware tactics, adopting end-to-end encryption ensures data is locked to those without a key. Lastly, implementing immutable backups can curb malicious actors by guaranteeing that even the most privileged user can’t alter or delete critical data. World Backup Day is a reminder to prioritize data protection, but taking actionable steps is how we certify that our data will be resilient against threats and disasters.

Kevin Cole, director, product and technical marketing, data protection at Zerto, a Hewlett Packard Enterprise company

World Backup Day is a welcome chance to remind ourselves of the importance of protecting our data and ensuring its availability. As the old saying goes: the best time to put in place a modern data protection strategy was yesterday; the second-best time is today.

However, for most people there’s a simple reality: backup is boring. It doesn’t get the same hype as the latest trends in IT, whether artificial intelligence, cryptocurrency, or Web 3.0. It can be hard to get attention for a computing practice that dates many decades.

Yet backup remains more relevant than ever thanks to the explosive growth in data, distributed from edge to cloud, and an ever-evolving cyber threat landscape. Backup is still one of the foundational pillars in data protection alongside disaster recovery, archive, and cyber recovery. This World Backup Day, make it a priority to double-check your backup plans and ensure end-to-end protection across the data lifecycle. It may not have the headline-grabbing power of IT’s latest bleeding edge innovations, but backup is one of the most critical tools in any organization’s efforts to minimize data loss and take control of the data deluge.

Darren Guccione, CEO and Co-Founder at Keeper Security

Ransomware is among the most common cyber attack vectors globally, according to a recent Keeper® survey of IT and security leaders. As attacks continue increasing in volume and severity, regularly backing up data to the cloud can help both enterprises and small businesses protect and restore data without having to pay a cent of ransom. Adoption of a zero-knowledge, zero-trust solution can help simplify protecting cloud backups and have the added benefit of mitigating the impact of ransomware attacks. A zero-trust security model with least privileged access and strong data backups will limit the blast radius in the event that a cyber attack does occur.

World Backup Day reminds us that despite the growing number of sophisticated malicious actors and the ever-evolving threat landscape, strategic solution adoption and following simple best practices can protect organizations against devastating cyber incidents and mitigate the effect of a successful attack. Strong identity and access management at the front end will help prevent the most common cyber attacks that can lead to a disastrous data breach. A proactive cybersecurity strategy and prudent investment are crucial, because no organization is immune to attack.

Nagarajan Chandrasekaran, Vice President of Product Success, Vembu Technologies

As we celebrate World Backup Day, it serves as a reminder of the critical importance of safeguarding our digital assets against the escalating threat of cyberattacks. The exponential rise in ransomware attacks underscores the urgent need for robust data protection measures to mitigate the risk of irreversible data loss. By fortifying our defenses and implementing stringent data protection policies, we can strengthen our resilience against malicious actors seeking to compromise our invaluable information.

On this occasion, it is imperative to extend our heartfelt appreciation to the dedicated IT Admins and Managed Service Providers (MSPs) who tirelessly operate on the frontline of defense, safeguarding our digital infrastructure from cyber criminals. Their unwavering commitment and expertise play a pivotal role in safeguarding our digital ecosystem and ensuring business continuity amidst evolving cyber threats.

Jack Bailey, VP, Channel and Sales Enablement, 11:11 Systems

With only 52% of organizations who pay a ransom able to fully recover their data*, a focus on validating and securing your organization's backup and recovery plan is more critical than ever. For vital data assets, 11:11 recommends leveraging immutability, air-gapping access and conducting frequent testing to ensure your recovery data isn't impacted by encryption, deletion, or misconfiguration.

*Gartner, Inc. How to Recover From a Ransomware Attack Using Modern Backup Infrastructure. ID G00738061

Subbiah Sundaram, VP Product, HYCU, Inc.

We want to thank the countless Backup Administrators, the unsung heroes of everyone's organizations. Their job is one that, when done well, often goes unnoticed. Yet, it is crucial for those rare, unfortunate days when everything depends on their preparedness.

Our hats off to the Backup Teams in every organization, the guardians of critical business data and the unsung Emergency Responders. They ensure the organization is always prepared, no matter when or where it's needed. Most people may not realize the extensive thought and effort required to protect data across various silos within the organization, ensuring nothing is left unprotected.

On this World Backup Day, we have three straightforward requests for every IT organization:

Ensure you have an easily accessible inventory of your data, regardless of whether it's stored on-premises, in the public cloud, or through services like SaaS, PaaS, IaaS, or DBaaS.
Recognize that ransomware is a significant threat. Invest in a robust recovery plan and objectively measure your recovery readiness.
Minimize the number of tools used to protect your data estate. A higher number of tools can lead to more gaps and increased risk. Importantly, streamlining does not necessarily mean increased spending.

Kim King, Senior Director, Product Marketing, HYCU, Inc.

Data is the heartbeat of our society. Hospitals, grocery stores, government agencies, and critical infrastructure all depend on data to stay up and running, and when data is lost, it can shut down critical services we rely on to power our daily lives.

This year as we celebrate World Backup Day, we want to recognize the part backup plays in keeping our society running, and say a huge “THANK YOU!” to all the backup professionals working behind the scenes to keep everyone's data protected. Their dedication to implementing and maintaining robust backup strategies keeps our modern It environments running smoothly.

Martin Zugec, Technical Solutions Director at Bitdefender

Forget coffee spills – today's threats are far more sinister. World Backup Day reminds us that backups traditionally designed for accidents, outages, and natural disasters aren’t enough. Ransomware attacks are orchestrated by malicious actors who actively hunt down and try to destroy backups to increase chances of payment, leaving you with no safety net. We need a new era of backups – air-gapped, secure, and resilient. But remember, backups are just one piece of the puzzle. A multilayered defense is crucial to stop attackers in their tracks. After all, backing up your data is only half the battle – on World Backup Day, let's remember that being able to restore it is just as important.

Colin Presly, Head of Customer Success at Seagate Technology

Amidst the AI boom and continued scrutiny on sustainability, it's important that companies’ data storage strategies set them up for success as they navigate evolving data needs.

AI increased demand for data storage and importance of backups. Data is the fuel that drives AI because it allows businesses to render insights and value from previously untapped information – the data they already have. Data backups are not just an IT and security imperative. They are critical for business operations. With AI raising the stakes, companies must reevaluate where and how they store their data to ensure it is available when they need it and to minimize cost and energy consumption.
Sustainability of storage solutions is an increasingly important consideration for data backup. The International Energy Agency projects that data centers’ electricity consumption in 2026 will reach 1,000 terawatts, which is roughly Japan’s total electricity consumption today. New areally dense solutions can help enterprises and data centers scale and drive down costs, while keeping sustainability as a top priority. HAMR-enabled hard drives can improve areal density at more efficient power consumption levels.
Commit to refurbished and recycled drives. The Circular Drive Initiative, a partnership of global digital storage leaders, is helping to make data storage more sustainable by promoting circularity. This means refurbishing, repairing, reusing, and recycling to limit the e-waste entering the environment. As sustainability continues to be a top priority for organizations and key stakeholders, enterprise leaders should choose storage solutions that are part of the circular economy.
Amidst the AI boom and focus on sustainability, the 3-2-1 rule still applies. Most experts recommend a 3-2-1 backup rule, meaning keeping 3 versions of your data (the original and copies) on 2 different media with 1 copy offsite for disaster recovery. Organizations should choose cost-optimizing storage solutions to preserve their business data.

Molly Presley, SVP of Global Marketing, Hammerspace

On this World Backup Day, it's important to remember the increasing role of automation in accurately identifying, protecting, and utilizing an organization's data assets. In our current data-focused society, detailed, actionable metadata is crucial for utilizing data fully. However, managing vast amounts of unstructured data across various storage systems, locations, and multiple cloud platforms can be difficult and require significant time and effort. Furthermore, as the number of devices that generate data increases, relying solely on manual processes is time-consuming and risky.

Implementing global-level data protection services with automated policies allows organizations to identify newly created data across the entire data environment, automate data copy creation controls and data services, and ensure global data protection on any infrastructure as well as compliance with corporate governance requirements. Automated, global-level data protection empowers organizations to simplify their data management and unlock the full potential of their data. It will become the new norm for data protection.

Carl D’Halluin, CTO, Datadobi

This World Backup Day, I want to remind everyone that protecting your data with backups isn't just a technical formality. Given the virtually unavoidable risks of ransomware, malicious or accidental deletions, and countless other threats – it's absolutely crucial for the health of your business.

The first step? Get your arms around your data. You cannot protect it, if you do not know what you have. Then…

A well-thought-out and tested data backup strategy, together with a combination of robust data security and management solutions, can significantly enhance operations resilience. Add to that the crucial but sometimes missed step of a "golden copy" (i.e., an immutable copy of your business-critical data in a secure and remote site) and your business will be protected today, as well as ideally positioned to support business continuity well into the future.

++

Oleksandr Maidaniuk, VP of Technology, Intellias

Data is the virtual lifeblood of today's organizations, so as World Backup Day 2024 rolls around, we need to appreciate how crucial regular data backups are for keeping our businesses running without interruption, even in the face of a simple outage or a manmade or natural disaster.

Of course, implementing a seamless backup and disaster recovery (DR) strategy is easier said than done, due to the complicated interplay of technological, regulatory, and operational factors. The heterogeneous nature of data and technology platforms and the increasingly complicated and stringent compliance mandates combined with the need to minimize - if not eliminate - downtime requires a nuanced approach.

At the end of the day, it all boils down to knowing how to strike the perfect balance between protecting all our data thoroughly and using our resources wisely. This way, we can get back on our feet fast after any setback without disturbing our daily work. Savvy folks in data management understand that if we don't have this kind of know-how already in our team, we might need to team up with a reliable partner. This partner should be all about giving businesses the latest, customized backup solutions that do more than just keep data safe; they should fit exactly with what we need and want to achieve. The ideal partner will be just that - a partner that acts as an extension of your internal capabilities - enabling you to leverage advanced technologies like cloud storage, automation, and AI and in doing so, enhance the resilience of your businesses, making data protection seamless and reliable. On World Backup Day and every day, let's pledge to prioritize backup, DR, and business continuity to ensure our data remains safe, our operations resilient, and our future secure.

Neil Jones, Director of Cybersecurity Evangelism at Egnyte

World Backup Day reminds us that data protection is only as good as your organization’s level of cybersecurity preparedness. With more than $1 billion paid in global ransom payments in 2023, data backups have become mission-critical as organizations seek to recover from ransomware attacks (and other debilitating cyberattacks) in days or hours rather than weeks or months.

The best advice I can offer is that organizations must take their Incident Response (IR) programs seriously, and a viable Business Continuity and Disaster Recovery plan needs to be a vital component of that larger IR program. Here’s why: In the event of a significant cyberattack, users can’t stay productive without just-in-time access to their data, and even minutes or hours of data interruption can have a major impact on employees’ productivity and a company’s bottom line.

In addition to protecting themselves against cyberattacks, companies struggle to manage the vast amounts of data they generate in today’s AI-driven work environment while adapting to global data privacy regulations that are changing frequently. As a result, it is extremely important to test your company’s backup environment regularly before a potential cyberattack, technical malfunction, or employee error that could make your data inaccessible.

On World Backup Day, I’m reminded that simple, inexpensive approaches like implementing effective data protection procedures, reducing data sprawl, and restricting users’ access to information on a ‘business need to know’ basis can majorly impact data security now and in the future. Another proven- and inexpensive- approach is encouraging users to take proactive steps to back up their organizational data and to “say something if they see something” unusual in their everyday IT environments.

Bin Fan, Chief Architect and VP of Open Source, Alluxio

Every year, the amount of data we produce increases significantly. World Backup Day is a call to action, urging us to reconsider our strategies for simplifying backup and recovery to keep pace with the significant increase in data production each year.

As we scale the data storage, timely data movement is a necessity, whether for archiving data in more economical storage or for duplicating data to another center as part of a disaster recovery plan. However, this process can be complex and operational-heavy. We should keep optimizing and streamlining data movement across multiple storage systems.

On this World Backup Day, let's commit to exploring more efficient and effective ways to protect and manage our growing data, ensuring we're prepared for any unforeseen circumstances that may arise.

Anneka Gupta, Chief Product Officer, Rubrik

In 2024’s cybersecurity threat landscape, World Backup Day is no longer sufficient. It’s time to celebrate the era of cyber resilience — where the combination of cyber posture and cyber recovery will help to create a cyber resilient future and prepare organizations for any threat, at any stage of an attack.

Data recovery and backup systems are often an organizations’ last line of defense, and traditional solutions are no longer cutting it. Last year, a Rubrik Zero Labs State of Data Security report found that 93% of external organizations reported malicious actors attempting to impact data backups during a cyberattack, with 73% claiming the attempts were at least partially successful.

With a data backup solution as the only thing standing between business continuity and business ruin, organizations must ask themselves: ‘Do I trust the solution and strategy I have in place?’ To establish this trust, organizations should:

Ensure that data has proper authentication and access controls, stopping cybercriminals from exploiting systems’ vulnerabilities.
Maintain visibility into not only data at risk, but what’s been affected when the systems have been attacked. The ability to more seamlessly monitor data wherever it lives allows IT and security teams to quickly and accurately assess risks and remediate threats.
Consistently simulate and test recovery, so that when the real thing happens, organizations can recover critical data and systems with confidence and restore the data without reintroducing malware.

Roger Brulotte, CEO, Leaseweb Canada

In today's digital age, developing infrastructure without robust backup protocols is a risky gamble. A staggering two-thirds of IT experts surveyed continue to be overwhelmed by the ever-widening gap between exploding data growth and their organization’s ability to secure it.

As data volumes surge, organizations need to recognize that data is an asset that demands adequate protection against various threats, including external attacks, hardware failures, and internal security vulnerabilities.

Investing in comprehensive backup solutions is more than simply a precaution; it is a necessary step in ensuring the continuity and integrity of corporate operations. Organizations can minimize risks, increase resilience, and ensure the long-term sustainability of their businesses by prioritizing backup strategies and implementing effective data protection policies. In an era of increasing data breaches and cyber threats, proactive steps to secure infrastructure through backup solutions are crucial for mitigating future calamities and guaranteeing business continuity.

Narayana Pappu, CEO at Zendata

With average data generation growing at 24.1% annually, organizations are spending more money year-over-year on storage, computing, and backup. Privacy regulations that mandate organizations to allow data deletion or portability only increase complexity by requiring organizations to keep multiple copies of information by user case. For example, a fintech company might allow users to delete their information and close their accounts, but they might have to keep a copy of the information for compliance and regulatory requirements. Organizations can save significant spend (a typical enterprise spends more than $10 million on backups) by using AI-enabled automation to evaluate the quality of information they are backing up, remove duplication, and ensure recovery of the most valuable data quickly in case there is an incident.

Ratan Tipirneni, President & CEO at Tigera

The rapid pace of digital transformation continues to create new opportunities–and threats–for today's organizations. The increasing availability of Ransomware-as-a-Service, a model which offers bad actors sophisticated vulnerability distribution while simultaneously isolating them from the risks of the trade, will lead to a worsening security situation for unprepared enterprises. This World Backup Day, enterprises and small businesses alike must remember that security is not a one-time effort; it’s an ongoing process that organizations of all sizes must prioritize. As the threat landscape changes and evolves, businesses must constantly re-evaluate and adapt their security measures to stay ahead of potential threats, prioritizing key best practices like regularly backing up data.

Matthieu Chan Tsin, Vice President - Head of Cybersecurity Services at Cowbell

In today’s evolving cyber threat landscape, cyberattack techniques and tactics are more sophisticated than ever before. Companies are no longer asking themselves “if” they’ll be attacked, but “when”, and must focus on ways to mitigate the impact of a compromise. While data backups may seem simple, they are a fundamental component of comprehensive risk management and incident response strategies.

This World Backup Day, organizations should recognize the impact backups can have on:

Data recovery: Enterprises have access to valuable data, making them extremely vulnerable to cyberattacks. Regular backups serve as a way to restore systems following a compromise or internal failure. In case of an attack, backups can help minimize downtime when trying to recover data, ultimately reducing the impact of an attack.
Ransomware Mitigation: Ransomware attacks are detrimental to organizations since their internal networks are compromised, and they often have to pay hefty sums to recover them. By gaining access to and extracting the most valuable information, threat actors can command higher prices for the organization's most sensitive data. Having up-to-date backups enables cybersecurity professionals to recover data and files, avoiding giving into ransom demands.

By prioritizing backup solutions and practices, enterprises can enhance their resilience against cyber threats and mitigate the impact of attacks on their operations.

Chad Graham, Manager of Cyber Incident Response Team (CIRT) at Critical Start

Performing backups for computer information systems is a crucial cyber risk mitigation strategy because it ensures the continuity of business operations and data integrity in the event of a cyberattack, system failure, or data corruption. Having offline backups is particularly important, as they are immune to online threats like ransomware attacks, which can encrypt or destroy online data. Despite its simplicity and effectiveness, the practice of regularly creating and updating backups is often overlooked, leading to significant vulnerabilities in an organization's cybersecurity posture. This oversight can result in catastrophic data loss and operational downtime, emphasizing the necessity of incorporating backup strategies into comprehensive cybersecurity plans.

Glenn Gray, Director of Product Marketing at Auvik

IT teams face a daily onslaught of requests, tickets and other maintenance activities, and configuration backups are not always at the top of the list of priorities. However, network backups are imperative to business compliance, continuity and profitability.

According to new data that will be published on April 4, there is a significant discrepancy between perceptions of the C-suite and IT technicians when it comes to network configuration backups. In a survey, C-suite respondents were more likely to report daily configuration backups (36%) compared to technicians (20%). The discrepancy indicates that either management is not aware of the real amount of work going into configuration management tasks, or technicians are simply too time-strapped and over-burdened to adhere to company policy when it comes to network backup frequency. The latter is highly likely, as another part of the research also indicated that configuration backups is one of the most commonly outsourced network related tasks/activities, with 42% of respondents indicating this is outsourced. Other parts of the research point to a lack of skilled workers and difficulties with hiring as a critical challenge facing IT teams this year leading to even more capacity issues.

To stay on top of network backups and documentation, IT teams must look at automating these functions as much as possible. Investing in the right resources and tooling, such as the adoption of network management platforms with automation tools, can help ensure that organizations adhere to their security and compliance standards. By employing these automation tools, organizations can prevent overburdening their employees with menial but necessary tasks.

++

John Anthony Smith, Founder and CSO at Conversant Group

Business continuity and disaster recovery (BC/DR) is often top-of-mind for executives in mitigating risk to the business. Backups are arguably the top control in reducing the impact of the three major types of data loss events: Human error related, natural disasters, and the most destructive (but least considered) of them all: threat-actor-caused mass destruction events.

The tactics and techniques of ransomware actors have always been rapidly evolving. Yet, in the past two years, we have seen an increase in the rate of evolution of the complexity, speed, sophistication, and aggressiveness of these crimes. Old approaches of being alerted to "security behaviors," then researching and responding to those threats, no longer work because dwell time is too short, and attacks are fast, aggressive, and frequent.

Few companies are adequately protecting their ability to restore their systems in case of a mass destruction event; and because breaches are more destructive than ever, ensuring that backups are immutable, redundant, resilient, and all pathways to them are secure and survivable is paramount. One challenge is that the definition of “immutable” varies by product manufacturer. Many do not offer true immutability (or, the inability to delete, alter, move, or destroy data unless preset, prewritten retention expiration times are satisfied). Even if a product is immutable, there must be proper security orchestration around these backups to ensure they are isolated from the network environment and that all access to them is appropriately restricted and secured.

IT and security teams must encourage and enhance backup protocols when it comes to protecting the organization’s valuable data because once data is lost forever, many companies never recover. Security should work backwards in the breach progression. Threat actors work with the end goal of encrypting and destroying backups and production data in mind to leave organizations with few options; so security should begin by ensuring resilience. Once backups are secured against threat-actor-caused mass destruction events, the organization is also properly secured against human error and natural disaster scenarios, ensuring a stronger BC/DR stance.

Jim McGann, VP of Strategic Partnerships at Index Engines

Backups play a vital role in minimizing downtime and ensuring business continuity in the event of a disaster. When disruptions occur, having backup systems in place allows businesses to quickly recover and resume operations with minimal disruption.

But on World Backup Day, we must take a moment and make sure backup strategies go beyond disaster recovery and include cyber recovery events. Cybercriminals target critical enterprise data with the goal of crippling an organization. Without a cyber resiliency strategy that validates the integrity of data, backups cannot be relied on to recover from a ransomware attack.

Ensuring the integrity of backup data is critical when faced with a cyberattack. Backup needs to evolve to support comprehensive scanning of files and databases to ensure it is clean from corruption and reliable when a restoration is required. Adding this layer of resiliency, organizations can detect corruption sooner and, in the event of an attack, these verified backups serve as your first point of recovery.

Katie McCullough, CISO, Panzura

These days, the concept of a ‘backup’ has evolved beyond mere data preservation. It now embodies the broader and more critical notion of data resiliency. As we mark World Backup Day 2024, it's crucial to recognize that simple backup practices alone can’t be relied upon to truly safeguard our data; it’s more about ensuring the availability, confidentiality, and integrity of data at a time when it’s continuously under threat. At Panzura, we encourage organizations to think beyond traditional backup strategies by integrating immutable data and robust security controls from the outset. This approach not only enhances data recovery capabilities but also fortifies data against cyber threats, making resilience an intrinsic part of the data recovery process. It's astonishing, yet common, to see organizations lack clear documentation or checklists of their most critical data elements and therefore fail to put the corresponding security controls in place.

One thing we get asked about regularly is our use of data ‘snapshots’ and immutable storage. Snapshots – which we hold billions of at any given time – capture the state of a system at a particular point in time, allowing for quick restoration and minimal data loss. Immutable storage, on the other hand, prevents data from being altered or deleted after it's written, ensuring that even in the event of a cyberattack, the original data remains untouched and retrievable. Together, they form a robust defense, safeguarding against data loss and enhancing the integrity and resilience of digital assets. In fact, no customer that has followed our best practice guidelines has ever lost their data.

This World Backup Day, let’s commit to a culture of regular testing and formalized data recovery plans, ensuring data isn't just backed up but is truly resilient and recoverable in the exact form needed, exactly when needed. Let's also not overlook the importance of data retention and disposal policies to minimize exposure and comply with evolving data privacy regulations.

++

Carlos Morales, SVP Solutions at Vercara

World Backup Day, which is coming up on March 31st, is a great reminder for businesses to make sure their data backup strategy is sound, provides an ability to protect previous backups from being over-written, and is exercised regularly. Nothing will halt a business in its tracks more than losing access to their data and not having an ability to recover it. This has never been as much a risk as it is now.

Sobering statistics from data aggregator Statistica estimates that 72% of businesses were affected by Ransomware in 2023 and that only 52% of companies recovered their data after paying the ransom. Despite increased spending on cybersecurity across the industry, percentage of companies affected continues to grow year over year. Adopting new cybersecurity solutions is only part of the answer to protecting your company. A good backup strategy can ensure that you can recover your data in the least amount of time possible even in the case of a major ransomware outbreak.

++

Candida Valois, Field CTO, Scality

Backups have become a popular target for cybercriminals as they’ve learned that an organization is more likely to pay a ransom if their backup data has been compromised. Reports show 93% of attacks target backup repositories with a 68% success rate. And in 75% of these events, cybercriminals succeed in debilitating their victims’ ability to recover. This year’s World Backup Day therefore no longer serves as simply a reminder to back up data, but also to make sure those backups are protected.

Immutable storage has emerged as a vital solution to protect those backups, cementing its position as a must-have capability within an organization's security toolkit. In fact, a recent survey revealed that 69% of IT leaders consider immutable storage essential to their corporate security strategy. However, what is not getting enough attention is that not all immutable storage is equal. To strengthen their security postures, we’ll see more organizations take a much-needed closer look at their immutable storage solutions to determine if they are truly immutable. They will begin to understand the five key areas that constitute “true immutable storage” and include no deletes or overwriting ability, instant data store lockdown, configurable retention policies, support for S3 Object Locking APIs, and compliance mode to prevent immutability configuration changes.

Matt Waxman, senior vice president and general manager for data protection at Veritas Technologies

Ransomware and other cyberattacks aimed at mass disruption by compromising data are the greatest risk organizations face right now. Downtime and outages from natural disasters and human error are still top concerns, but malware can compromise everything across today’s complex, heterogeneous, multi-cloud data environments, resulting in months long and even permanent business disruption. Against that backdrop, World Backup Day 2024 is the perfect reminder that data protection is more important than ever.

Niel Pandya, APAC & Japan CTO at OpenText Cybersecurity

Many aspects influence backup and recovery strategies, including understanding data, IT visibility, and awareness of business costs during downtime. Recently, while assisting an APAC client, we encountered challenges with their backup tool due to incomplete system scoping and inefficient usage. Manual checks on 200 systems underscored the need for prioritization and automation. It's crucial to prioritize critical systems for backup and recovery, aligning with the business's recovery time objectives. Notably, a major bank in Singapore faced penalties due to system outages, underscoring the significance of system availability. Various threats, such as ransomware attacks and natural disasters, highlight the need for preparedness in data recovery. Understanding data sensitivity aids in implementing appropriate backup measures, including data discovery to reduce the data footprint, comply with regulations, and expedite backups and restores.

Rob Price, Director of Solutions Consulting at Snow Software, a part of Flexera

One of the largest issues when considering the scope of your backup system is that so much of an organization’s data is not within their control. Micrososft365, Salesforce, and other large cloud-based content management platforms house a significant amount of critical data, and function entirely without the oversight of backup administration teams. The bigger the organization, the bigger these problems become, often with a similarly large amount of scrutiny.

Even with a team of backup administrators, there is no way to have full visibility into all the data that should be backed up in a conscientious way. The ease of procuring SaaS products has resulted in business units implementing platforms without considering the importance of data backups, procurement taking place without a PII assessment and zero understanding of the requirements around data confidentiality and record keeping.

This is where AI comes in: risk-assessments and management-level views into all the myriad disciplines can be provided with a properly trained AI system. Questions like are we prepared for recovery of confidential information, do we meet the data and accounting requirements in a specific region, are we complying with local laws in all regions in which we operate, what is our potential data recovery? Like all things with IT, you cannot protect what you cannot see.

George Axberg, Vice President, Data Protection at VAST Data

In today's fast-paced AI era, data fuels innovation and any disruption or compromise to an organization’s data can be detrimental to the business – making cyber resilience a top priority.

As enterprises amass unprecedented amounts of data and pursue new projects like generative AI, safeguarding critical data while optimizing workload performance becomes paramount. A comprehensive data solution must provide scalability, extensibility, and cost-efficiency for AI workloads, alongside rock-solid security measures for reliable protection and rapid recovery of business data and applications.

Mitigating risks from ransomware and other threats to AI models and application datasets requires support from a Zero Trust architecture, offering granular access control, multitenancy with strict isolation, robust encryption, key management, and intelligent threat detection capabilities. Aligning with frameworks like NIST provides a solid foundation for protecting against, detecting, responding to, recovering from, and even preventing cyber threats – which is crucial for ensuring ethical and effective technology use, including responsible AI practices. Solutions often talk about data immutability, but it's not just about data integrity or trustworthy AI insights; it also needs to be cost-effective while staying compliant - with instant access during data unavailability being just as crucial to prevent disasters and maintain continuous operations.

Data infrastructure can be an organization’s biggest differentiator. By embracing an API-first architecture with seamless integration to tools for AI, analytics, data protection, and security operations, organizations can ramp up their cyber resilience, enabling smooth and secure collaboration across various platforms. Moreover, the capability to flexibly scale across on-premises, edge, and cloud environments further enhances cyber resilience, empowering organizations to optimize efficiency and reduce costs by tailoring performance and capacity to meet the demands of rigorous workloads, particularly those involving AI and data protection.

Or Shoshani, co-founder and CEO, Stream.Security

With the cloud more at risk than ever, traditional and modern security methods are paramount to protecting your cloud infrastructure. Running our infrastructure on the cloud allows us to be more agile, but we must find ways to ensure data isn’t compromised or encrypted by threat actors. If it is, backing up data is critical to ensuring a fast recovery.

We live in an era where breaches are inevitable, and it's crucial to have robust response strategies and straightforward recovery methods for compromised cloud environments. We've developed various strategies with backup recovery playing a key role, to mitigate attacks and shorten the mean time to remediation, ensuring business continuity.

With the option to backup data to multiple locations on-prem and in different cloud service providers, you can ensure the recovery of your data is available in case your cloud is compromised. This World Backup Day, ensure your storage locations are updated with the latest security measures, and back up your data to independent environments.

++

Ira, Winkler, CISO - CYE

I personally described backups as part of what I called the Three Golden Rules with regard to cybersecurity back in 1996, and this has not changed despite advances in threats and technologies. Keeping regular backups is a failsafe to just about any type of incident. Whether a computer or device is lost, stolen, destroyed, corrupted, etc, whether from malicious or malignant threats, a backup will mitigate a significant amount of damage. Over time, backups have luckily become easier and frequently automatic. Cloud computing and storage, which is ubiquitous in many cases, makes backups ubiquitous as well. For data elsewhere at rest, World Backup Day serves as a great reminder to ensure regular backups.

Ashley Leonard, CEO - Syxsense

Backups are a critical last line of defense for businesses, acting much like an insurance policy for their data in the event of a cyberattack, ransomware infection, or accidental deletion. However, it's important to remember that backups are just one piece of the puzzle. Companies should also focus on proactive security measures like hardening endpoints, maintaining strong cyber hygiene, and implementing a robust vulnerability remediation process for a holistic cyber defense strategy.

Right now, a lot of the major cyberattacks that are making the news are from cybercriminal groups – either ransomware gangs or threat actors that are simply stealing data (credentials, credit card data, Social Security numbers, etc.). They target data for financial gain, using it for identity theft, credit card fraud, or selling it on the black market.

Most companies should be regularly reviewing their cybersecurity defenses to protect against cybercriminals. Are you scanning for missing patches, vulnerabilities, and security exposures regularly? And when you find them, is your team able to prioritize the fixes based on your environment, or are you finding that you’re often just accepting the risk because it’s too hard to implement a remediation? We’ve seen organizations get hacked again and again due to un-remediated, older, less severe vulnerabilities. This is what we’d consider the first line of defense. The last line is regular backups. Are you taking and testing backups regularly, and maintaining them in a secure, offsite location so you can recover your data in case of an attack? Understanding your security from end to end is critical to defending your organization from malicious actors.

Scott Roberts, Head of Threat Research, Interpres Security

Backups are an insurance policy, ensuring an organization has resilience in the face of destructive threat actors (or even an unintentional operational mistake). They provide confidence that when unexpected things happen, and everything goes wrong, the situation will be inconvenient rather than unrecoverable.

Ransomware and wipers, any destructive attacks, are the most common times when backups are valuable, while less common backups can also help respond to distributed denial of service attacks. A DDoS attack is almost always about denying users access to data, and sometimes it’s possible to mitigate the attack using a backup, by making the data available somewhere else.

Certainly AlphaV (aka BlackCat) is getting a lot of attention these days, for both their willingness to go after healthcare (often thought to be off limits) and their willingness to go after their affiliates by faking an FBI takedown. Truth be told, many of the same actors keep rebranding and setting back up. As for knowing you are protected, backups are often the best place to start, but it can’t end with just having backups. Teams also need to test and drill recovering from those backups. Simply having an archive that you can’t use does nothing. Run table tops, run live exercises, ensure that you don’t just have the data, but can get the data operational in a short timeframe.

How often organizations should create backups depends on a handful of factors. First is how often is information changing? Backing up data hourly that only changes once a week does very little besides waste drive space. Second is how much lost data is an organization willing to tolerate. If the time between backups is one day then the possible loss, and thus data that would need to be either recreated or accepted as gone, is one day worth of data. For a marketing firm, that might be acceptable, but for a payment processor, that could amount to millions of dollars of loss. Lastly, how much can you spend? Every backup takes storage space, which costs money, so organizations have to balance the trade-offs of potential loss vs actual cost. Ultimately this may be a company-to-company, division-to-division, even system-to-system decision.

It’s an underappreciated aspect that centralized backups, just like password vault or email accounts, are a treasure trove of information. If an adversary can steal backups, it’s often less work than going system-to-system. By the same token, if backups can be destroyed, then they didn’t really provide any benefit. Backups should be treated as a crown jewel asset (since they will, by their nature, contain most of an organization’s crown jewel assets). They should have strong encryption, logical segmentation from the rest of an organization’s data, and ideally be “offsite” or leveraging another infrastructure or service.

Linh Lam, CIO at Jamf

Backup is a two-way street. Backing up your laptop or phone is obvious. But does anyone backup their cloud service? What if Dropbox was compromised or went out of business? Or what if your personal account was hacked and someone deleted or changed all of your data? You need to have a comprehensive plan that doesn’t just look at personal device failure, but any of the risks in the infrastructure that houses your data.

Automate. Automate. Automate. Don’t rely on yourself or a team to remember to actively press the backup button. Use services like iCloud to automate backups.

Encrypt your backups. Make sure you also backup the key. Losing the encryption key or password could be a significant problem.

Have a plan that accounts for device theft/loss. Don’t put your passwords or critical files necessary to unlock backups in harm’s way.

Organize/compartmentalize your data for easy retrieval. If a data drive is lost with all of your photos, don’t incur the expense of pulling everything you’ve ever logged out of cold storage so you can retrieve a single directory. Make it easy to find data.

Consider your lifestyle and the related risks that you encounter. If you travel often, don’t rely on on-premises backup tools like a NAS or data-center based file servers; Embrace cloud. If you do utilize on-premises solutions, have a backup-of-the-backup that resides off-site in case of fire, vandalism, or theft.

Consider your budget. There are very inexpensive solutions that may take exceptionally long times to backup or retrieve data. Conversely, there are very expensive solutions that may be overkill for what you are using. The reality is that you will likely take advantage of the service at some point in your lifetime. Make smart decisions that are aligned with the value of your data and the need for multiple snapshots over time.

++

Chris Denbigh-White, Chief Security Officer at Next

On World Backup Day, let us examine the security surrounding backups and the associated processes used in backing up data. While considerable emphasis is placed on encouraging organizations to back up data, the security of those backups can often be overlooked.

We can all agree that administrative access should be controlled; however ‘domain admin’s’ cousin, "backup admin" is frequently overlooked. These accounts, by their inherent function, possess access to a vast array of data which they require for replication to backup locations. Do we have the same security measures around this type of access as we do for classic administrative access?

The backups themselves inherently comprise a collection of data deemed valuable, all handily stored in one location. Are the access controls to these repositories of data commensurate with the value of the aggregated data stored within? How is access to these stores of data monitored, is it monitored??

On this “World Backup Day”, let us ensure that, in our endeavors to safeguard the visible frontiers of our organizations, we do not overlook the potential vulnerabilities arising from data exfiltration through the rear.

Let’s back up but let's also ensure that by doing so we are not presenting “pre-packaged data” for an attacker to steal.

Mitch Seigle, CMO at Spectra Logic

As World Backup Day dawns, it's essential to recognize the growing importance of fortifying our digital defenses against cyber threats. In an era marked by ransomware attacks and malicious breaches, businesses must prioritize comprehensive backup and archive strategies to ensure continuity and resilience. By adopting proactive cybersecurity measures and staying vigilant against emerging threats, organizations can navigate the digital landscape with confidence and integrity.

Jim Fulton, Vice President, Forcepoint

In a perfect world, the only threat to data security is a corrupted thumb drive. Reality is very much different, especially in a world increasingly reliant on remote work, cloud-based applications, and BYOD policies. World Backup Day is a reminder to prepare for the risks and implement robust data security measures to keep data employees safe.

One of the greatest risks associated with BYOD is data loss. When employees use their personal devices to access company resources, there is a risk that sensitive data such as customer data, financial information, and more belonging to the organization could be misused or stolen. Data loss is ultimately the outcome that organizations are fighting to avoid, but there are numerous types of risks that can lead to this result, including device infection, device loss or theft, shadow IT, unsecured Wi-Fi access, exposure of sensitive information, unauthorized access to sensitive data, and disgruntled employees.

Fortunately, there are techniques that allow organizations to mitigate the risks caused by BYOD devices in the workplace. These can include risk profiling, encryption, whitelisting and blacklisting, and finally AI-assisted behavioral analysis. Proactive approaches that prioritize data security first can help protect business information wherever it is stored and accessed by hybrid employees, including from BYOD and unmanaged devices.

World Backup Day is always a great reminder to keep BYOD policies up to date and prioritize data security everywhere within an organization. And remember, don’t forget that backing up is just part of what you have to do.

Sean Deuby, Principal Technologist, Semperis

The ongoing threat of ransomware attacks highlights the importance of cyber resiliency on World Backup Day. As organizations face sophisticated threats growing in speed, size and accuracy, the need for robust recovery processes with reliable backups is greater than ever before.

To significantly reduce recovery time and quickly resume normal operations, even after an attack, organizations need a dedicated Active Directory (AD) backup strategy. AD is used by 90 percent of businesses today as a fundamental system that both users and applications depend upon to function. But traditional backups that include AD most likely contain malware after an attack, making recovery time even greater. To quickly recover AD from a cyber disaster you need specialized, automated AD forest recovery that will return this identity system to a known secure and trusted state. Without AD-specific cyberattack recovery technology and processes, your business is at risk. AD-specific backups can speed up recovery and aid organizations in quickly returning to normal operations after a ransomware attack. What was once considered “nice to have” is now a “need to have” for organizations of all shapes and sizes around the globe.

I always recommend organizations take an “assume breach” mindset and encourage them to prepare now for the inevitable. When organizations are prepared to be resilient against cyberattacks, and understand which systems are most critical to their business, they can take steps to reduce their most glaring vulnerabilities, make their infrastructure sufficiently difficult to compromise and recover much faster from a compromise. Companies should also monitor for unauthorized changes occurring in their AD environment, which threat actors use in most attacks, and have real time visibility to changes to elevated network accounts and groups.

Radek Kubka, Senior Solutions Architect, Nasuni

Sunday, March 31 is World Backup Day, the tech industry’s initiative that encourages people and organizations to back up and so better protect their data. Once dismissed by observers as a low-level campaign for cyber hygiene, World Backup Day matters more than ever because it points the way for companies to focus on greater resilience against and faster recovery from cyber threats.

Many organizations are still putting their faith in traditional backup as a last line of defense when today’s 24/7 business operations demand that key questions about the risk to critical data and recovering from attacks are addressed before ransomware hits, including: How much time will it take to discover the attack? How much data could be encrypted during that time window? And does your data protection strategy scale?

Deepak Taneja Co-Founder, CEO, and President, Zilla Security

This World Backup Day serves as a reminder for businesses of all sizes to comprehensively monitor, review, and remediate permissions, as part of an overarching cybersecurity strategy.

Cybercrime is surging. In 2023, we saw a significant increase in cyberattacks, which unfortunately cost businesses $4.45 million on average.

Research has shown that most data breaches are rooted in access exposures, so identity security solutions have become key for organizations. The importance of continuously managing permissions to establish a strong security posture that protects the entire enterprise's digital estate cannot be overstated.

++

Andrew Eva, Global CIO, Assured Data Protection

As we mark World Backup Day’s 13th anniversary, we’re reminded of the constant threat to our personal and mission-critical organizational data. Cyber-attacks, and in particular ransomware, continue to plague the public and private sectors, with potentially devastating impacts.

With the threat from ransomware and other forms of cyber-attack remaining constant, it’s essential for organizations to become more cyber-resilient. This includes monitoring backup data for known threats, identifying suspicious activity to detect early warning signals of attackers in your environment, and recovering from ransomware and other cyber-attacks, on-premises or in the cloud, from immutable backups.

Rob Emsley, Director, Data Protection Product Marketing, Dell Technologies

1. Cyberattacks preventing access to data are at the highest percentage in more than five years. The monetary impact on organizations is considerable with costs more than doubling over our last report. Most organizations surveyed worry their existing data protection measures are unable to cope with ransomware threats and not very confident they could reliably recover in the event of a destructive cyberattack. Despite these perspectives, most organizations (59%) invest more in cyber prevention than cyber recovery. Knowing successful attacks are on the rise, organizations must carefully consider the balance between prevention and recovery.

2. GenAI could be a boon to data protection strategy, but increases threats as well. Beyond the impact of enhanced prevention and new threats, 88% agree GenAI is likely to generate large volumes of new data and increase the value of certain data types they will need to consider when mapping out their future data protection strategies.

3. Insurance may not completely cover your loss. In the end, 85% of organizations had to pay to access their data. So, while insurance policies can be a valid component of a cybersecurity strategy, organizations must understand their limitations.

Amitabh Sinha, CEO and co-founder of Workspot

The stark reality is that the average cost of downtime per hour can range from $100,000 to $540,000, highlighting the critical need for robust backup and recovery strategies. Today's top outages range from threats including ransomware attacks and natural disasters, making every minute of downtime potentially devastating.

A strong data recovery plan considers two key factors: the recovery time objective (RTO), meaning how quickly you need to be back up and the associated costs. Modern solutions, such as cloud-native VDI, offer flexibility and redundancy, but resource limitations can arise during crises. A multi-region, multi-cloud strategy strengthens leaders’ business continuity plan (BCP) by mitigating these capacity and availability issues.

Automated failover mechanisms and real-time visibility for end-users are crucial for a smooth recovery. These features allow users to access critical apps and data and maintain productivity with minimal disruption – often with just a single click. Additionally, rapid recovery solutions enable a swift return to normal operations after an incident. Real-time file synchronization also ensures your data remains accessible even during disruptions.

Implementing these strategies will significantly enhance enterprises’ disaster recovery readiness, safeguarding operations and employee productivity.

Ken Claffey, CEO, Panasas

World Backup Day serves as a timely reminder that traditional Backup/Recovery and Disaster Recovery strategies are no longer viable for Petascale workloads. As High-Performance Computing (HPC) takes center stage in solving complex problems across diverse sectors like manufacturing, healthcare, and finance, technology and user expectations have evolved. The rapid increase in Artificial Intelligence (AI) workloads also has increased the pressure on HPC computing infrastructure.

A key part of the answer lies in the adoption of parallel file systems, built on software that allows simultaneous data access with the fast movement of petabytes of data, significantly accelerates backup and restore times—a critical factor when dealing with massive data volumes. Scalability, ease of use, cost efficiency and reliability are paramount, but employing advanced data protection mechanisms, such as erasure coding, enhances data integrity and availability, and keeps data safe today and every day of the year.

Stephen Gatchell, Data Advisory Director, BigID

Data backup strategies must be inclusive across security, privacy and data perspectives to ensure data breach recovery, regulatory compliance, and business continuity. Understanding the value of critical data, time it takes to restore that data supporting business processes, and a clearly defined, easily understood and transparent management of customer and personal data should all be a focal point of data backup strategies.

Andy Stone, CTO, Americas, Pure Storage

Now and in the future, it's especially important for organizations to double down on building resilience and agility across their organization - not only for data, but for the business overall. This requires future-proofing critical IT infrastructure and implementing a modern data protection strategy with backup and recovery in mind. However, there’s often a misconception that deploying backup technologies will remedy the impact of an attack. Effective recovery planning isn't just about having a backup solution; it's about architecting a layered approach that prioritizes rapid restoration and resilience. World Backup Day is a welcome reminder for organizations to re-evaluate their security approach, and invest in the right mix of reliable technologies and effective processes to safeguard data in a constantly evolving threat environment.

Published Friday, March 29, 2024 7:33 AM by David Marshall