Ransomware, AI the new considerations for backup strategies

While we acknowledge that preventing data loss and data theft is important, World Backup Day, March 31, is a concrete reminder of the need to back up and better protect your data. 

The consequences of poor data protection are worse than ever. Nathan Hall, VP of Asia Pacific & Japan at Pure Storage, pointed out that new regulatory standards mandate swift restoration of services in critical industries.

"For instance, the Monetary Authority of Singapore requires banks to restore critical systems and services within four hours following an outage. This is difficult to achieve with legacy data storage solutions, which were never designed with fast recovery in mind. Apart from downtime, implementing advanced data protection capabilities to prevent data loss caused by ransomware attacks continues to be a challenge across all industries, resulting in both financial and reputational damage," he said.

According to Sophos, ransomware groups are specifically targeting companies’ backups in their attacks. Sophos’ survey data has shown that organisations that had their backups compromised:

- Received almost double the ransomware demand. The median demand was US$2.3 M for those with compromised backups, versus US$1 M for those without

- Paid almost double the ransom. The median ransom was US$2 M for those with compromised backups versus about US$1 M for those without

- Incurred eight times higher overall ransomware recovery costs. The median recovery cost was US$3 M for those with compromised backups versus US$375,000 for those without

John Shier, Field CTO, Sophos said: "Backups are integral to an organisation's resilience. Therefore, it's not surprising that attackers proactively attempt to compromise them. Early detection and a swift response to anomalous activity on a network can prevent attackers from reaching backups in the first place. 

"Without complete and reliable backups, ransomware attack victims could be forced to make choices they might otherwise avoid, such as paying a ‘basic’ ransom or paying an even higher than normal ransom because there’s no other recourse to get that data back. Ransomware attacks can have serious impacts on business operations; without dependable options for recovery, they can be devastating."

Chee Wai Yeong, Area VP, APJ, Rubrik, said that this year's theme for World Backup Day, Saving Digital Memories, struck a chord as it echoes the findings of Rubrik's latest Zero Labs report. Yeong shared that 62% of organisations in Singapore grappled with sensitive data loss last year. "Despite significant investments in security infrastructure, perimeter defences continue to be thwarted. As such backups, an organisation’s last line of defence, are more important than ever," he said.

Kelvin Lim, Senior Director, Head of Security Engineering, APAC, Synopsys Software Integrity Group, said that it is crucial to recognise the pivotal role of data backup and recovery in fortifying businesses against unforeseen challenges.

“Data is the digital asset for an organisation. The loss or irreparable corruption of data can disrupt workflows, hinder decision-making processes, and even jeopardise the very existence of a business. Hence, implementing a robust data backup and recovery solution becomes imperative as the last line of defence against potential threats like cyberattacks, human errors, hardware failures, power outages, and natural disasters,” he pointed out.

“Moreover, in an era marked by escalating cyberthreats, data backup can help to bolster cyber resilience by speeding up recovery time. This minimises the downtime and operational disruptions caused by cyberattacks, like a ransomware attack. Backups are an effective ransomware mitigation strategy, as they allow companies to recover their data without paying ransom. This not only mitigates financial losses but also enhances organisational agility and responsiveness in the face of adversity.”

Matthew Hardman, CTO, APAC, Hitachi Vantara shared that Hitachi Vantara’s Modern Data Infrastructure Dynamics report had found that 60% of Asian companies feel overwhelmed by the data deluge, and almost three-quarters are concerned with infrastructure scalability.

"The rise of hybrid environments can present even greater and more unique challenges for data protection. Legacy data protection appliances may not be capable of looking across entire on-prem and cloud-based set-ups. Legacy data protection workflows may also be more vulnerable to attack, as they lack the scale to meet the performance and capacity demands of hybrid environments," he noted.

Updated strategies needed

Michel Borst, Area VP, Asia, Commvault said businesses need to "move past the archaic approaches to data protection and security", including backup and recovery. "We need to think out of the box and get the most out of what technology has to offer to solve modern enterprise challenges. For instance, there is so much to be used from AI – from real-time threat detection and proactive defence to intelligent and quick recovery," he said.

Justin Chiah, VP and GM, Data Services and Storage, Asia Pacific, HPE, called for the modernisation of backups as well. “With data driving so much strategic business decision-making, protecting organisational data is a critical priority for Asia Pacific (APAC) enterprises. Traditional backup and recovery solutions are increasingly struggling to comprehensively protect the rapidly growing data volume, especially in hybrid IT environments. Many organisations are facing growing complexities in managing backups across environments, with slow data recovery times affecting business continuity,” he said.

“Many backup solutions also do not offer adequate built-in ransomware protection capabilities to defend against highly advanced cybersecurity threats. Modernising data backup and recovery is now do-or-die for APAC organisations, especially with surging AI adoption driving exponential data growth.”

"Despite its importance to cyber resilience, many organisations still rely on legacy backup infrastructure," Yeong agreed. "These traditional backup methods were created with low frequency/high impact events like natural disasters in mind and were never designed to deal with the dynamic, fast-paced nature of today’s cyberattacks. However, with the increasing adoption of technologies such as AI, machine learning (ML), and automation, today’s backup solutions offer rapid data recovery, decreased downtime, and enhanced resilience against even the most sophisticated cyberthreats."

The ideal solution

"As Asia-Pacific enterprises amass unprecedented amounts of data and pursue new projects such as generative AI, safeguarding critical data while optimising workload performance becomes paramount. A comprehensive data solution must provide scalability, extensibility, and cost-efficiency for AI workloads, alongside rock-solid security measures for reliable protection and rapid recovery of business data and applications," said Sunil Chavan, VP Asia Pacific and Japan, VAST Data.

"Mitigating risks from ransomware and other threats to AI models and application datasets requires support from a Zero Trust architecture, offering granular access control, multitenancy with strict isolation, robust encryption, key management, and intelligent threat detection capabilities. Aligning with frameworks such as NIST or Australia’s Essential Eight maturity model provides a solid foundation for protecting against, detecting, responding to, recovering from, and even preventing cyberthreats – which is crucial for ensuring ethical and effective technology use, including responsible AI practices. 

"Solutions often talk about data immutability, but it's not just about data integrity or trustworthy AI insights; it also needs to be cost-effective while staying compliant – with instant access during data unavailability being just as crucial to prevent disasters and maintain continuous operations."

Architecture requirements

"Data infrastructure can be an organisation’s biggest differentiator. By embracing an API-first architecture with seamless integration to tools for AI, analytics, data protection, and security operations, Asia-Pacific organisations can ramp up their cyber resilience, enabling smooth and secure collaboration across various platforms. 

"Moreover, the capability to flexibly scale across on-premises, edge, and cloud environments further enhances cyber resilience, empowering organisations to optimise efficiency and reduce costs by tailoring performance and capacity to meet the demands of rigorous workloads, particularly those involving AI and data protection," Chavan continued.

Chiah said businesses need a comprehensive backup strategy. “To build a robust, effective backup and recovery system, enterprises need a streamlined approach that consolidates backup and recovery operations in a unified management platform, which helps eliminate complexities and provide consistent protection to data, whether on-premises or in the cloud,” he advised.

“Backup and recovery solutions should also come with built-in data security and ransomware protection via encrypted and immutable backups. Encryption ensures backup data is unreadable to attackers, while data immutability prevents backup data from being modified or deleted by threat actors. Enterprise customers are increasingly demanding cyber resilient vaults that are both air-gapped and immutable because this approach optimises the accuracy of recovery points and the speed of application and business recovery.”

"Organisations must endeavour to have clean backups," Borst added. "Anomaly detection, air gapping and early warning systems are fundamental to putting these clean backups in place. Only then can businesses stay ahead of the game and prevent cybercriminals from infiltrating the backup infrastructure. By getting closer to data, particularly the most critical datasets, any unusual activity – such as the encryption of a file – should be analysed and, if it is found to be malware, stopped in its tracks before it has the chance to spread.

"Clean backups are only as good as having a clean environment to recover into. A clean and safe environment is essential for testing cyber recovery plans, conducting secure forensic analysis, and ensuring uninterrupted business continuity."

Post-incident pressures

Hall said that backup strategies have to consider what happens after an incident. "For instance, storage arrays are often locked down for investigation by cyber insurance or law enforcement agencies after a cyberattack. Ransomware recovery service-level agreements from a vendor, along with storage-as-a-service (STaaS) subscriptions, can guarantee a new storage environment that facilitates recovery even if the original storage is unavailable for any reason," he advised.

Borst added that a recovery plan that is not tested is doomed to fail. "A major hurdle for organisations is the hefty and complex process of recovery testing. By utilising the power of the cloud and AI, recovery testing is now possible at a more reasonable cost and in a scalable manner. The cloud enables virtual environments to be created that are guaranteed to be malware-free so that clean backups and datasets can be restored and tested with confidence. Such cloud environments can be spun up and down to allow for regular testing whilst keeping costs low so that, in the most critical circumstances, rapid, frictionless, and reliable recovery is ensured," he said.

"It is all about cyber resilience – being able to withstand attacks and continue operations even when the worst happens."

A role for AI

Wasabi Technologies has found that 99% of APAC organisations are planning to adopt or are already implementing AI/ML solutions. "This will inevitably add to the volume of data to be generated and stored," said Michael King, VP & GM, Asia Pacific and Japan, Wasabi Technologies.

"After all, the relationship is symbiotic: data is good for AI, and AI is good for data. This mutually beneficial relationship promises avenues for innovation – particularly in streamlining backup processes. However, safeguarding it takes equal precedence. Ensuring the availability and accessibility of this data is not merely optional; it is an imperative to maintain compliance and competitiveness.

"Furthermore, the present-day business landscape is already fraught with the inevitability of ransomware attacks and other cyberthreats – and AI can exacerbate these risks. Recognising the inherent vulnerabilities of cloud platforms to cyberthreats, business leaders must then assess if their current strategies are sufficient to protect their data in today’s digital climate. Prioritising digital advancement should not come at the expense of data security and loss."

Chiah also suggested that businesses lean on AI for backup support. “Enterprises can also leverage AI-powered solutions to supercharge backup and recovery. AI can automate data backups to ensure frequent and safe backups, while making data recovery faster and more accurate. AI and machine learning can also improve the robustness of an organisation’s response to data loss incidents by helping to detect anomalies and identify potential security risks, such as identifying the point of infiltration of a ransomware encryption,” he explained.

Yeong touched on the AI aspects of backups as well. "As more organisations embrace AI-infused backup solutions to stay ahead of cyberthreats, it is imperative to prioritise solutions that embed AI-native architecture for seamless integration and efficient anomaly detection. Further, following a ransomware attack, there is often panic and finger-pointing between security and infrastructure teams which can delay the recovery process. 

"Generative AI solutions can help eliminate the blame game between these teams during the data recovery process by providing a clear path to recovery. This approach enables security teams to work cohesively with the data to identify anomalies, ultimately securing data while minimising business disruption," he said.

The automation advantage

Vincent Tang, VP, Asia, Epicor, said that businesses should have automated backup solutions and failover options. "It is a misconception that the primary cause of data loss and system downtime is natural disasters. However, more often it is a hardware failure, a corrupt database, or human error that leads to lost data. The demand for instant business recovery corresponds with the high expectations regarding the value anticipated from enterprise resource planning (ERP) systems to cater to customers’ needs," he said.

Like Chiah, Tang advocated a platform-based solution. "Inventory can be replaced; however, the loss or damage of customer data or operational data renders it irreplaceable," he said.

"To establish a resilient and efficient backup and recovery system, organisations need a unified management platform that centralises backup tasks within, providing real-time, off-site data backup storage in a secured environment. This approach simplifies processes, ensuring consistent data protection across on-premises, and cloud environments, while reducing complexities."

Tang shared that failover support is crucial as the business does not stop when the system is unavailable. "(The latest restored data) can guarantee a swift return to operation in the event of data loss or total system failure, avoiding the expensive consequences of such occurrences," he said.

Best practices to follow

Lim's list of best practices includes:

• Align backup to business and regulatory requirements. Ensure that the recovery time objective and recovery point objectives can be met with the existing backup and restoration solutions.

• Ensure that the backup copies are kept safely and meet the retention period requirements.

• Backup data should be encrypted.

• Test the recoverability of the backup data. There should be zero errors in the recovery process.

• Don’t confuse data backup and data retention; they require different solutions.

• Keep and maintain good documentation of backup policies and media.

• If your backup data is stored in a proprietary format, ensure that you maintain the means to restore the data years down the road.

• Follow the 3-2-1 backup practice: 

◦ Keep three copies of data, the original data, and at least two backups. 

◦ Use two different storage types. E.g. if primary data is stored in an internal drive, the backup data should be stored in an external drive, tape or cloud.

◦ Keep at least one copy of the backup data in a different physical location from the primary copy of the data.
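
One way to turn the checklist above into an automated check over a backup inventory; this is an added example, not code from Lim or any vendor quoted here. The `Copy` record, the sample inventories, the 4-hour recovery point objective and the 30-day restore-test interval are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                      # storage type, e.g. "internal-disk", "cloud"
    site: str                       # physical location label
    primary: bool                   # True for the original data
    encrypted: bool
    written: datetime               # when this copy was last written
    restore_ok: Optional[datetime]  # last successful test restore, if any

def audit(copies: List[Copy], now: datetime, rpo: timedelta,
          test_max_age: timedelta) -> List[str]:
    """Return one finding per checklist item the inventory fails."""
    findings = []
    primaries = [c for c in copies if c.primary]
    backups = [c for c in copies if not c.primary]
    # "3": the original plus at least two backups.
    if len(primaries) != 1 or len(backups) < 2:
        findings.append("3-2-1: need the original plus at least two backups")
    # "2": at least two different storage types across all copies.
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: all copies sit on one storage type")
    # "1": at least one backup away from the primary's physical location.
    primary_sites = {c.site for c in primaries}
    if not any(b.site not in primary_sites for b in backups):
        findings.append("3-2-1: no backup is off-site from the primary")
    for b in backups:
        if not b.encrypted:
            findings.append(f"{b.name}: backup is not encrypted")
        if b.restore_ok is None or now - b.restore_ok > test_max_age:
            findings.append(f"{b.name}: no recent successful restore test")
    # Recovery point objective: the newest backup must be recent enough.
    newest = max((b.written for b in backups), default=None)
    if newest is None or now - newest > rpo:
        findings.append("RPO: newest backup is older than the objective")
    return findings

# Constructed sample inventories and assumed policy values.
NOW = datetime(2024, 3, 31, 12, 0)
RPO, TEST_MAX_AGE = timedelta(hours=4), timedelta(days=30)
PRIMARY = Copy("erp-db", "internal-disk", "dc-a", True, False, NOW, None)
GOOD = [
    PRIMARY,
    Copy("erp-ext", "external-disk", "dc-a", False, True,
         NOW - timedelta(hours=2), NOW - timedelta(days=7)),
    Copy("erp-cloud", "cloud", "region-b", False, True,
         NOW - timedelta(hours=20), NOW - timedelta(days=20)),
]
BAD = [
    PRIMARY,
    Copy("erp-local", "internal-disk", "dc-a", False, False,
         NOW - timedelta(days=3), None),
]

if __name__ == "__main__":
    for label, inventory in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(inventory, NOW, RPO, TEST_MAX_AGE) or "no findings")
```

The second inventory fails every item at once: a single backup, on the same storage type and site as the primary, unencrypted, never restore-tested and three days old.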

When it comes to cloud storage, Wasabi Technologies had this to add:

• Zero Trust approach to cloud storage. King said: "This approach requires rigorous authentication and authorisation for all organisational members accessing sensitive data – encompassing strategies such as end-to-end encryption, two-factor authentication, and immutable buckets to limit user access. This creates a robust defense mechanism safeguarding the information from alterations, deletions or encryption attempts orchestrated by malicious actors."

• Selecting cloud vendors prudently. "Most cloud providers often charge an egress fee for data moved from their cloud back to on premises, which is the case whenever a recovery occurs. Selecting cloud vendors that specialise in storage could have businesses experience immense benefits from cost-free access to data within seconds," stated King.

"Replicating numerous copies of data isn't conducive to efficiency; instead, businesses should adhere to an effective data management principle, especially considering the region’s tendency for overspending," King added. 

Performance considerations should also be a factor. Hall said: "Pure Storage recommends a two-pronged approach to data protection: regularly creating immutable copies of data, and adopting robust infrastructure to rapidly restore backups at speed and scale. 

"A good practice is transitioning from traditional tape or disk-based backups – which are optimised for backup, but not recovery, and therefore have lengthy restoration times – to flash-based data storage solutions. Advanced flash-based storage solutions have failure rates two to five times less often than disk-based solutions, can deliver recovery speeds of hundreds of terabytes per hour, and are able to restore ransomware-immune backups in a matter of minutes or hours at any scale. This allows organisations to resume business operations immediately in the event of an outage."

Conceptual artwork representing data storage generated by Blue Willow. Hexagon pattern.


Data governance

There is a bigger picture beyond backup as well. “It’s no secret that digital assets are as valuable as gold. While organisations have their data protection measures and continuity plans locked into place, safeguarding their data will need to go one step further and weave in a holistic strategy that addresses concepts like data governance," said Remus Lim, Senior VP, Cloudera APJ.

"Keeping in mind the high-volume usage of AI to streamline processes and even be applied for data-driven decision making, it is imperative that alongside having your data being safely stored, businesses need to be able to trust the inputs at a foundational level. As organisations leave their digital footprints in using and exchanging data, more must be done to foster a culture of data management in the face of data breaches and crimes," he suggested.

"World Backup Day is a timely opportunity for us to reassess our backup and recovery strategies and ensure that our data management practices are robust, resilient, and ready for future challenges. Effective data management is not just about preventing data loss. It is about ensuring business continuity, protecting customer trust, and maintaining a competitive edge," concluded Hardman.
