World Backup Day 2023: advances, gaps and threats

World Backup Day, 31 March, is a good time to remember how important data is to the way we live today. "From a security perspective, data backups are almost as important as having digital protection or endpoint security software. In essence, it should be an integral part of any data protection a person or an organisation might be inclined to do, as data integrity and having failsafe measures in case of critical failures is…well, critical," stated ESET.

"As for companies, losing access to project documentation, financial and account data, sales, marketing, human resources, and more would have a significant economic and resource impact on a company’s operations going forward after data loss."

Wee Tee Lim, Regional VP for SEA and Taiwan, Cloudera, said that World Backup Day is a prompt reminder for organisations and citizens to ensure they have effective measures in place to secure and protect their data. "For many businesses, data is their new gold. I’d like to think of data as the new oil. But just like oil, bad things can happen if there is a leak or spill, or in the case of World Backup Day, a breach," he said.

"Data backup is a critical aspect of a comprehensive modern data protection strategy for businesses of all sizes. Businesses not only need to have a backup strategy but they need to re-evaluate it from time to time and there’s no better reminder than World Backup Day," said Pratyush Khare, VP, Systems Engineering, Asia Pacific & Japan, Pure Storage.

"Almost everyone is familiar with the benefits of backing up your data, whether on your phone or laptop, but for an organisation, that data could be many terabytes or even petabytes so that is a much more complex process but they need to do it for many reasons, including compliance or regulatory but more than that, for business resiliency.

"Keeping a good set of data that you can restore quickly can be a matter of survival for a business that has been hit by, for example, a ransomware attack."

"At both the personal and business levels, backups are absolutely crucial. Hackers are looking at all of us as targets…so we should all be doing everything we can to keep our nation’s data secure, including the ability to recover it if compromised," said Jon France, CISO of (ISC)2.

Backup is more sophisticated today

Richard Farrell, Asia Pacific Director of Digitalization, Cloud and Data Centres Segment, Eaton noted: "Today, constant access to data has become increasingly critical for innovation and day-to-day operations across the world. For many businesses, data is no longer just stored in the server room, but also on the cloud. This could range from information exchanged over messaging platforms to file storage and emails. The range of factors threatening data loss has expanded, and avoiding the cost of downtime for critical information infrastructure providers such as banks, hospitals and data centre facilities is especially pertinent."

Gary Gardiner, Head of Security Engineering, APAC, Check Point Software Technologies, also commented on how data backup has changed: "Over the years, organisations have moved from single-device tape backups to centralised storage of backups transferred over the LAN to cloud-based solutions to back up their data. These solutions promise better management and efficiency in storing and maintaining a massive amount of data."

"However, many companies miss out the principles of data security, which are integrity and confidentiality. Companies seem to downplay the importance of backup and feel that it is the responsibility of the IT team to secure the data, and for the cloud provider to maintain the availability of assets."

LAN refers to local area network.

The importance of data security

The story of backup is closely tied to ransomware. As ESET noted, "losing access to data due to wiperware or ransomware might incur a higher financial or reputational cost."

While ransomware aims to make data inaccessible until a ransom is paid, wiperware simply destroys the data permanently.

"With ransomware attacks constantly garnering headlines, organisations should get used to the fact that it is impossible to prevent ransomware attacks entirely. It’s a question of when their operations will be affected by ransomware, not if," said Manikandan Thangaraj, VP of Program Management, ManageEngine.

"The only way in which organisations can withstand the threat of ransomware is by investing in disaster recovery solutions. Disaster recovery-as-a-service (DRaaS) has been on the rise for the past few years and its market size is predicted to reach US$41.26 B by 2030. The winner of the battle between the backup service providers and threat actors who leverage ransomware will be determined by how quickly DRaaS providers can react to potential new threats." 

Gardiner also warned that cybercriminals will happily damage backups. "As we know, ransomware is one of the main threats facing organisations today. The loss of data and reputation can be catastrophic to a business and its customer loyalty. Yes, backups may recover your data from these attacks. However, threat actors are not only looking at encrypting companies’ data at rest but also the backups if they can," he explained. 

"On top of that, they will steal the data gotten for their own use. That is why modern businesses should think about preventing attacks before they come, because when you detect a suspicious activity, it is already too late."

Performance matters

"The more data transactions that occur, and the more data we hold, the better our systems and tools need to be to handle it. We’ve been playing catch-up with attackers for some time, and we should anticipate that the adversary will still be one step ahead of us. However, there’s hope, especially with how much artificial intelligence (AI) and machine learning (ML) technologies are coming into play. 

"AI and ML tools are phenomenal at identifying and contextualising problems we may not see without those capabilities. They essentially eliminate the 'needle in a haystack' problem where an attacker can hide in the crowd and appear as a legitimate actor," France said.

France further commented, "When it comes to backups, education, awareness and empowerment are crucial. We need to communicate that even though there are professionals available to handle the more technical work, the responsibility also falls on the everyday person to create a safe, secure world. At the individual level, everyone should have a plan for the recovery of personal files, utilise cloud services, know what they treasure most and protect it."

France also said that he expects more threats to our data to appear as technology evolves. "But there’s no need to panic – employing good cyber hygiene is the best way to keep your data secure. And if businesses are worried about the threat their employees may pose to their corporate data, it’s time to get that workforce trained on the benefits of backups and the potential risks of not backing up," he pointed out.

Data warehouse backup concept art generated by Dream by WOMBO. Colourful 2D and 3D shapes represent data in various states.

"Many organisations today continue to struggle with how to effectively manage, govern and secure their data. Establishing strong data privacy and governance policies is important to reduce data exposure and regulatory risk," said Lim.

"There are two sides to data privacy and governance – categorising sensitive data and ensuring it doesn’t fall into the wrong hands. A defense-in-depth approach, which involves the coordinated use of multiple security countermeasures to protect valuable data, is crucial to tackle security risks. This means that if one mechanism fails, another steps up immediately to thwart an attack."

Thangaraj suggested organisations consider solutions built on the Zero Trust security model to ensure data security. "When it comes to data backup and recovery, using a Zero Trust strategy will boost your data security because you'll be authenticating both the user and the device initiating the backup. Of course, achieving Zero Trust is a long and challenging journey, but it is a must for organisations that care about data security. 

"Zero Trust network access (ZTNA) is anticipated to increase by 31% in 2023 according to Gartner, making it the fastest-growing area of network security," he said.

"Another recommended strategy to meet today's evolving threats is to implement the 3-2-1-1 backup rule—which is an update to the popular 3-2-1 rule with the extra '1' covering immutable storage. Immutability will restore your data to its original, unaltered state and get you back in operation within minutes of a breach, so you can be sure that you can recover your data even after a successful attack." 

"Today, organisations can no longer rely on taking a reactive approach to protecting themselves," observed Chua Chee Pin, Area VP – SEA, Japan, Korean, Hong Kong, Taiwan for Commvault.

"Inserting more friction into an attacker’s modus operandi, such as cyber deception, will help put organisations one step ahead of the game. Decoys are deployed to throw the attacker off course and lure them to fake assets, rather than the real ones. Organisations are then alerted as soon as the attacker enters the decoy IT environment so security teams can take immediate action to rectify the matter."

Going forward, backups have to evolve, said Gardiner. "I don’t think we can look at backups in the old way that we used to. There are perhaps still some legacy systems that may require the old approach, but in today’s digital world, agility is critical. It is evident in all these new systems we see and use today — it is imperative that the speed and agility of the backup solution matches those requirements too," he said. 

Khare agreed. "While data backup is a must-have for every business, choosing a data backup solution must be based on factors such as cost, scalability, ease of use, and security. It is also essential to have a data recovery plan in place in the event of data loss. Data recovery methods include restoring from backups, using data recovery software, and seeking professional data recovery services.

"Currently, many companies rely on cheaper legacy storage options such as hard disk but these are more prone to write errors and take a long time to restore particularly if they are cold data that is stored in remote locations without network connectivity. Flash is increasingly becoming a viable option especially as the cost of NAND starts to fall and match hard disk prices."

A write error is an error that occurs while storing data and makes the data inaccessible, while flash storage is a different way of storing data compared to traditional hard disks. Traditionally, power is required to store data in a hard disk, but with NAND flash storage, power is not needed. NAND flash is the type of storage used in our mobile phones today.

Khare added that companies need to have a clear strategy in place when deciding how they would want to create and secure their data backup. He said best practices for data backup include:

● Establishing a backup schedule that fits the needs of the organisation. 

Consider factors such as the amount of data, the frequency of changes, and the criticality of the data. Regular backups can help ensure that important data is protected and minimise the impact of sudden data loss.

● Testing backups regularly. 

This can help ensure that they are functioning correctly and that data can be restored in the event of a data loss. Regular testing can also confirm that backups are being completed in the desired timeframe, and identify other issues with the backup process that need to be addressed.

● Encrypting backup data. 

Many data breaches and losses stem from unauthorised access and poor security. Encryption should be used for both data at rest and data in transit.

● Formulating a disaster recovery plan. 

A disaster recovery plan outlines the steps that need to be taken in the event of a disaster or data loss. The plan should include information on data backup, recovery procedures, and executive roles and responsibilities.

● Having the means to rapidly restore data. 

In the event of a ransomware attack or a natural disaster, being able to restore your backup data quickly and at scale is critical, especially when we are talking huge amounts of data.

● Securing backup locations. 

Backups should be stored in a secure location – whether offsite, cloud or onsite – that is protected against physical threats such as theft, fire, and natural disasters.

● Training employees on data backup best practices. 

Such training should include the basics of how to initiate backups, store backup media, and test backups. This can help maintain standard backup performance across the board and build awareness among employees on the importance of secure data backup.
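
A restore test along the lines of the "Testing backups regularly" item above, as an added example that is not from the original article or from any vendor quoted in it. It hashes every file at backup time, then checks a test restore for missing or altered files and for a restore that ran over its time budget. The function names, the HMAC-signed manifest format, the key and the time budget are assumptions made for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def _mac(files, key):
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """At backup time: one SHA-256 per file, plus an HMAC over the whole list."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(Path(root).rglob("*")) if p.is_file()}
    return {"files": files, "mac": _mac(files, key)}

def verify_restore(restored_root, manifest, key, elapsed_s, budget_s):
    """After a test restore: return findings; an empty list means the test passed."""
    if not hmac.compare_digest(_mac(manifest["files"], key), manifest["mac"]):
        return ["manifest: HMAC mismatch, hashes cannot be trusted"]
    findings = []
    for rel, digest in manifest["files"].items():
        p = Path(restored_root, rel)
        if not p.is_file():
            findings.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            findings.append(f"modified: {rel}")
    if elapsed_s > budget_s:
        findings.append(f"slow: restore took {elapsed_s}s, budget is {budget_s}s")
    return findings

def demo():  # constructed sample data: one clean restore, one damaged and slow
    key = b"constructed-demo-key"  # assumption: the real key is kept off the backup host
    sample = {"ledger.csv": b"1,100\n", "hr/staff.txt": b"alice\n", "notes.md": b"q1\n"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name, data in sample.items():
            for root in (src, dst):
                path = Path(root, name)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        manifest = build_manifest(src, key)
        clean = verify_restore(dst, manifest, key, elapsed_s=40, budget_s=60)
        Path(dst, "ledger.csv").write_bytes(b"1,999\n")
        Path(dst, "notes.md").unlink()
        damaged = verify_restore(dst, manifest, key, elapsed_s=95, budget_s=60)
    return clean, damaged
```

The caller measures the restore duration and passes it in, so the same check can run against any backup tool's test restore.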

Farrell concluded: "Beyond data backups, a robust data resiliency strategy requires a close look at the organisation's entire infrastructure and network to address all possible cybersecurity vulnerabilities and threats; and with the continued digitalisation of supply chains and production lines, organisations increasingly need to ensure that operational technology infrastructure is equally, if not more, secure than IT infrastructure to be resilient against both human error and malicious attacks.

"In recent years, the growing prevalence of cyberattacks and malware has also spotlighted the need to back up and secure one's data. However, it’s important to recognise the many other threats to data loss that result in power outages and take entire systems offline – such as natural disasters, fires, hardware or software failures. IT teams increasingly need to work with facilities teams to ensure the facility has access to uninterruptible power with a smooth transfer to an emergency or backup power supply when such power outages occur."
