Backup is the core of the infrastructure for the enterprises. Right backup strategy can really put the organizations in the shape during the need of the business continuity and planning during the disaster.
Data backup and recovery is the process of backing up your data in the event of a loss and setting up secure systems that allow you to recover your data as a result. Data backup requires the copying and archiving of computer data to make it accessible in case of data corruption or deletion. You can only recover data from an earlier time if you have backed it up with a reliable backup device.
Backing up data cannot always restore all of your business operating systems data and settings. For instance, computer clusters, database servers, or active directory servers may need additional types of disaster recovery since a backup and recovery may not entirely reconstitute them.
Today, you can back up a significant deal of data using cloud storage; therefore, archiving your data on a local system’s hard drive or external storage is not necessary. What’s more, you can set up your mobile devices using cloud technologies to allow automatic data recovery.
Right Data Backup strategy to grow company
As business becomes increasingly digitized, the urgency of a data backup strategy continues to mount. Whether its ransomware, hacker or data lost to thrives or natural disaster, you trade secrets and customer database are at risk of being stolen and sold off if you don’t put the necessary protection in place.
It takes businesses many years to gather essential data, and the last thing you need is to lose your valuable digital assets to external or internal threats.
One of the most effective ways to shield your company against data loss is implementing a smart data backup strategy. If you’re not an expert in data protection and secure storage, working with a team of professional to ensure all bases are covered and your is an secure as possible.
Examples of Data Loss
There are numbers of ways your business could potentially lose company data. Some involve cybercrime; others could be the result of an accident or crash. Some of the most common causes of lost data:
- Ransomware attackers steal data and demand large sum of money to make it accessible again.
- Hackers could make their way into online storage accounts.
- Attacker could use malware to attack computer.
- Critical data could be deleted by disgruntled employee or accidentally erased. .
- Break-ins account for many companies losing data because the majority of electronic items that are stolen are never recovered.
Backing up to the Cloud
The pandemic has undoubtedly forced CIOs’ hands in the face of technical and compliance concerns. Backing up users’ devices directly to the cloud should be more reliable, easier for employees and, with the right controls, compliant with data protection regulations. The option to back up to private cloud instances provides further assurance.
But organisations are also looking at cloud-to-cloud backup. More on-premise suppliers now support backups for infrastructure as a service (IaaS) and platform as a service (PaaS), including cloud-native workloads and virtual machines, according to Gartner.
Backing up to the cloud also helps deal with another pandemic impact – IT staff no longer need to physically access the datacentre to manage storage.
Speaking on World Backup Day, Don Boxley, CEO and Co-Founder, DH2i, said, “Few would argue that an always-on and always available IT infrastructure is critical for the success of virtually any organization in today’s data-driven world. Likewise, few would disagree that backing up data is one of the most critical protections that an organization can implement to help ensure the ability to recover and maintain operations in the event of a failure, disaster or malware attack – such as ransomware. Yet, research has shown that while almost 90% of organizations are backing up, only about 41% backup daily, leading to a high number of companies admitting that they have had data loss events that have resulted in downtime.
Surya Varanasi, CTO, StorCentric, said “On World Backup Day, we are reminded that ransomware and other types of malicious malware can disrupt any environment. And further, while hundreds of thousands if not millions might be at stake for the actual ransom payment, the gravest consequences of ransomware is data loss and downtime. Both present almost incalculable expense, with significant downtime resulting in potentially millions in lost revenue, as well as costly legal fees and regulations compliance cost, in addition to a rise in insurance premiums and decreased customer trust.
JG Heithcock, GM, Retrospect, a StorCentric Company, said, “On World Backup Day we are reminded of the myriad reasons a sound data backup strategy and proven solutions are critical to the success of virtually all organizations, as it is a given that at some point most will suffer a failure, disaster or cyber-attack. However, given the world’s economic and political climate, the customers I speak with are most concerned about their ability to detect and recover from a malicious ransomware attack.
Organizations must be able to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover. A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.
When Backups are No Longer Enough
Ramanujam Komanduri, Country Manager, Pure Storage India, said In 2022, ransomware is continuing to wreak havoc across the globe. With organisations of all sizes storing increasing volumes of sensitive customer data, there is no place for a ‘it won’t happen to me’ mindset. Leaders need to be thinking of the worst case scenario and prepare for rapid recovery after an attack.
Unfortunately, while backup systems have provided an insurance policy against an attack in the past, hackers are now trying to breach these too. Once an attacker is inside an organisation’s systems, they will attempt to find credentials to immobilize backups. This will make it more difficult, time consuming and potentially expensive to restore.
Organisations need a two-pronged strategy: advanced, immutable ‘snapshots’ of their data and an ability to not just backup fast but to restore fast and at scale. Immutable snapshots are protected because they can’t be eradicated, modified or encrypted – even if an attacker gains access to sensitive data. They are also relatively easy to restore, but depending upon how much data needs to be restored, snapshots might not be a viable option.
Traditional tape or disk-based backup can restore roughly one to two terabytes an hour. That’s not going to cut it for most organisations. Some flash based solutions can offer speeds of up to 270TB an hour and are needed to get an organisation up and running with minimal negative impact.
With a multi-faceted cybersecurity strategy reinforced with snapshots and a rapid restore solution, the restoration phase after a ransomware attack can be reduced from several weeks to just a few hours. This will minimise the impact on users, customers and potential reputational damage suffered from being offline for a prolonged period of time.
World Backup Day: Here’s what some industry experts say:
Mr. Ripu Bajwa, Director and General Manager, Data Protection Solutions, Dell Technologies India “In today’s era of accelerated change and digital transformation, businesses in every sector need to do more with less. With businesses in India running workloads in a hybrid environment, it is critical to securely store data in multiple spaces like databases, file servers, and network-attached storage (NAS). While considering a solution that gives businesses the flexibility to access, upload, protect and analyze data, an asset that will have the advantage of long-term retention, reporting and insight into cloud storage use, will serve Indian organizations better.
Data use and storage have undergone dynamic changes. According to the Dell Technologies APEX Backup Services study, 65% of IT decision-makers lack confidence that they will recover all systems or data to meet SLOs following a data loss. An as-a-Service model can be a redefining solution for businesses across where an enterprise solution provider manages their data needs while they focus on business growth. 25% of IT decision-makers indicate that database or data management workloads are a good fit for the as-a-Service model.
As a global leader in data protection solutions, Dell Technologies’ enterprise backup solutions can protect everything from laptops and other edge devices to the largest enterprise data centre, along with data and applications residing in on-premises infrastructure, and virtualized environments including public, private and hybrid clouds. With many options for backup storage, backup software, integrated appliances and data protection and recovery solutions, Dell Technologies makes it easy to implement powerful tools for backup, recovery, data archiving and data replication that can help to protect business-critical data, improve uptime and ensure data availability. Dell Technologies’ new SaaS-based Apex Backup Services offers end-to-end scalable, secure data protection with centralised monitoring and management for SaaS applications, endpoints and hybrid workloads.
This World Backup Day should be a welcome opportunity for businesses to reconsider their storage solutions and upgrade to safer cloud environments secured by cutting-edge data protection amenities, which will support their digital transformation journey.”
Kumar Vembu, CEO and Founder of Gofrugal, said “Data is the new oil, said a sane soul. The only difference is that oil would run out in a few years. Data, on the other hand, keeps getting accumulated exponentially. With more than 50% of the world’s population using smart-phones and digital devices, with new ones adding day by day, there are massive amounts of data created.
We walk, talk, eat, drink and breathe data. We are constantly leaving behind digital footprints. More so, when we engage with online platforms and are engrossed with digital channels. What most of us fail to notice, far less comprehend, is the lurking dangers and sneaking threats that we invite unintentionally. We hardly realise the growing platforms using AI + data to understand our choices and apprehend our preferences, and use our own personal information to create personalised experiences.
It’s time we all woke up to the realities and compulsions of data protection at large. It’s not just about data backup and restore methods, but it’s also about freeing businesses from digital slavery. It is the capacity to decide what data should be stored, how it should be used or not used, and to make sure it doesn’t make us enslaved by hardware and enchained by software.
It’s not just individuals who are unaware and unprotected. Over, 90% of small and medium size retail and distribution businesses are not aware of the impact of data protection. According to a global survey by a cybersecurity firm, 57% of organisations suffered unexpected downtime last year because of data loss. The findings also revealed that while 91% of individuals backup data and devices, 68% still lose data because of hardware or software failures, out-of-date backup, power fluctuations, theft or accidental deletion. The backup methods are not regular and sometimes even a day’s or week’s day is lost because of manual methods.
This World Backup day, businesses need to understand and commit to the importance of data backup and enjoying freedom of sharing data in a secure environment. It is high time the world moves from celebrating backup day to daily backup!”
Sandeep Bhambure, Vice President, Veeam Software – India & SAARC, said, “It is evident that the dependency of businesses on data, and the amount of data generated by them is consistently growing. This is creating new challenges for organisations of all sizes, making them even more vulnerable to cyberattacks. According to Veeam Data Protection Report 2022, 84% of Indian organizations suffered ransomware attacks, making cyber-attacks one of the single biggest causes of downtime for the second consecutive year. The report also found that Indian organizations were unable to recover 36% of their lost data on average and 90% of organizations were unable to recover at least some of the data they had lost. Hence, it is essential that businesses have a comprehensive data backup plan in place to be fully prepared at the time of a data breach. That’s not all! Only backing up may not protect your data from ransomware – it is equally important to ensure that the backup is well protected and securely stored. Organizations need to ensure their data protection capabilities keep pace with the demands of their business, to close the gap between how much data they can afford to lose after an outage versus how frequently data is backed up.
World Backup Day: Backups Are Essential but also a Ransomware Target
Intelligence needed for a quick and reliable recovery process, Index Engines explains
CyberSense, powered by data integrity software company Index Engines, today highlighted the need for cyber-protected backup platforms as World Backup Day returnes. Index Engines emphasizes this as ransomware has been successfully penetrating firewalls and attacking organizational data as the number of attacks accelerated in 2022. As a result, analysts and hardware providers are preaching backup as the best way to recover and is the primary approach organizations are relying on for their cyber resiliency strategy.
In this evolving environment, an alarming trend is on the rise with more sophisticated ransomware attacking and disabling backup to cripple organizations and drive ransom demands higher. FBI alerts and top security publications have highlighted these issues in the following:
· Sabbath Ransomware Gang has been terrorizing North America by targeting and destroying backups. They then demand 7-figure ransoms for the stolen copy of the organization’s data back. https://securityintelligence.com/news/sabbath-ransomware-critical-infrastructure-backups/
· The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned : Malicious actors have also added tactics, such as encrypting or deleting system backups—making restoration and recovery more difficult or infeasible for impacted organizations. https://us-cert.cisa.gov/ncas/alerts/aa21-243a
· Conti Ransomware Adds Ability to Compromise Backups, according to a report published in September, which details how Conti has honed its backup destruction to a fine art. After all, backups are a major obstacle to encouraging ransomware payment.
“Organizations are overly confident that their backups have integrity and can be used to recover data when they are hit by a ransomware attack, Index Engines, vice president Jim McGann said. “Cyber criminals do not want organizations to easily recover, so they have set their sights on backup; corrupting, encrypting or deleting them, to make a very challenging to execute a reliable and timely recovery. This allows them to ask for more extreme ransoms.”
Backups are not enough, according to experts at Index Engines, the makers behind CyberSense, a solution that detects signs of data corruption and facilitates quick recovery from a ransomware attack. Backups can be compromised, as we are now seeing. Relying on backups to recover from a ransomware attack is no longer a viable strategy and it is important to validate the integrity of data in backups and the backups themselves to have confidence that a quick and reliable recovery process can be executed.
But backups are the right place to start, as long as it addresses the influx of sophisticated attacks that are already being seen and will continue become the “industry standard” for ransomware in the coming quarters.
Backups should provide the isolation needed from cyberattacks, immutability from destructive threats, and, most importantly, the intelligence to know if that data has already been compromised. This includes:
· Isolation. Cybercriminals cannot access, steal and corrupt data they do not know exists. Isolating backups of core infrastructure, critical files, and databases with an operational air gap offers an integral first step to keeping data out of reach.
· Immutability. Deploying advanced technology to lock down the protected data and ensure that no bad actors can tamper with it, corrupt it or destroy it is critical to ensuring reliable recovery. There have been many instances of cybercriminals or insider threats destroying backup catalogs and data sets to create an unrecoverable environment. Immutability will provide confidence that data is secure and protected from harm.
· Intelligence. It is off the network and tamper-proof. But, is the data good? Sophisticated attacks, attacks that hide deep inside the content, are becoming more commonplace and circumventing detection tools. Adding machine learning and full-content analytics to this secured data offers insight into how the data has changed and can alert to signs of corruption. Early detection provides the ability to recover quickly with confidence that data is clean. Leveraging intelligence can limit data loss to hours and specific files, not days, weeks and complete backups.
“Companies need to get their business operational quickly,” McGann explained, “but this leaves organizations with few options, many of which aren’t ideal for business operations. Paying a ransom and getting encryption keys is a common path they seek, putting them on a list for another attack and putting their faith in cyber criminals the encryption keys will work. Or they spend days searching for good backups so they can restore clean data resulting in a major delay to return to a steady state.”
“This is where intelligence comes in. Being able to know what was compromised and when, allows for an intelligent return to business operation quickly.”
76% of organizations suffered downtime and data loss in 2021, system crashes, human error and cyberattacks to blame
Acronis, the global leader in cyber protection, has released its annual Cyber Protection Week Global Report 2022 timed to this year’s World Backup Day. The report which surveyed over 6,200 IT users and IT managers from small businesses to enterprises across 22 countries, exposes some of the most critical shortcomings appearing in cyber protection practices today, examines why they’re appearing and offers guidance on how they can be fixed.
One of our key findings last year was that 80% of organizations ran as many as 10 solutions simultaneously for data protection and cybersecurity — yet more than half of them suffered downtime because of data loss. Clearly, more solutions do not translate into more protection.
This year, we see that trend getting worse: while 78% of organizations globally run as many as 10 different solutions, 76% of organizations experienced downtime due to data loss — a 25% increase from 2021. This downtime stemmed from a number of sources, including system crashes (52%), human error (42%), cyberattacks (36%) and insider attacks (20%).
As a result, 61% of global organizations’ IT teams now report a preference for integrated solutions that replace their complicated stacks of cybersecurity and data protection tools with a single, unified console.
“As the entire world is increasingly at risk from different types of attacks, accelerating to universal all-in-one solutions is the only way to achieve truly complete cyber protection. And that’s precisely the problem Acronis has set out to solve,” says Candid Wuest, Acronis V.P. of Cyber Protection Research. “Attackers don’t discriminate when it comes to means or targets, so strong and reliable security is no longer an option, it’s a necessity.”
Overconfidence as a trend: IT teams are overselling their readiness
We’ve traced another worrying trend that is responsible for cyberdefenses lowering and increasing IT security budgets:
- 70% of organizations’ IT managers claim to have automated patch management. However, based on any reliable industry research, only a handful of companies follow the 72-hour “golden time” for patch management.
- 82% also claim to have ransomware protection and remediation. Yet, successful attacks occur weekly and the size of ransom demands grows each year.
- 20% claimed to be testing backup restoration weekly. Again, not consistent with any other industry-issued data.
It seems that IT managers are trying to appear better prepared than they are; but that is, in turn, misleading their managers, boards of directors, industry analysts and customers.
However, if the overwhelming majority of IT managers indeed have these solutions, they aren’t using them right: they have simply stocked their IT stacks with all of the recommended cybersecurity technologies — spending more money in vain.
Our findings prove that organizations are spending more on IT security this year, but when we compare it to their overall IT budget, it becomes clear – organizations are still treating cyber protection as a “nice-to-have” not as a “must-have”:
- Half of organizations globally allocate less than 10% of their overall IT budget on IT security.
- Only 23% of organizations globally are investing over 15% of their overall IT budget in security — even despite the increasingly threatening cyber landscape.
Pandemic-driven spike in awareness proves temporary
Frequent backups that were fuelled by the shift to remote work are over: a third of IT managers only back up weekly, while another 25% back up monthly. Use of backup best practices is declining across the board — only 15% of organizations’ IT teams adhere to them.
Same as last year, 10% of IT managers still aren’t sure if their company is subject to any data privacy regulations — proving that IT managers, like IT users, get stuck in their ways.
According to our research, 86% of organizations globally are also concerned about the threat of increasing politically-driven cyberattacks caused by the worsening geopolitical climate — but their concern does not translate into improvements to their cyber protection.
Bottom line, the outdated approaches that professional IT teams have relied on for years are now actively failing them. A comprehensive, easy-to-follow approach is essential to achieving a more reliable, holistic protection for data, applications and systems – one that combines cybersecurity, data protection and management into one solution.
Users show concern over cyberthreats, but backup habits remain unchanged
Only one in ten users backs up daily, while 34% of users back up on a monthly basis — a staggering 41% of users back up rarely or never. Still, 72% of users had to recover from backup at least once in the past year (33% — more than once). Meaning that some of the users who chose not to back up have permanently lost their data:
- 43% of users update a week or more after an update release — of those, 7% take more than a month to perform these recommended updates. A decline in response time compared to 2021. · While only 12% of users are following the recommended hybrid model of cloud and local backup storage, users have doubled down on cloud backup: for 4 years, we saw local backups shrinking from 62% in 2019 to 33% in 2022 — at the same time cloud backups jumped from 28% to 54%.
- 66% of users would not know or be able to tell if their data had been modified.
- 43% of users are not sure if their anti-malware solutions could protect against new and emerging cyberthreats.
What we see here is a massive gap in how organizations and individuals approach cyber protection in theory — and in practice. Acronis provides a number of solutions that are able to bridge that gap — among them Acronis Cyber Protect, used by over 20,000 service providers to protect more than 750,000 businesses.
For more global and regional insights, check out the Acronis Cyber Protection Week Global Report 2022 and the regional deep dives — download the reports for free on our website.
About Acronis Acronis unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. With flexible deployment models that fit the demands of service providers and IT professionals, Acronis provides superior cyber protection for data, applications, and systems with innovative next-generation antivirus, backup, disaster recovery, and endpoint protection management solutions powered by AI. With advanced anti-malware powered by cutting-edge machine intelligence and blockchain based data authentication technologies, Acronis protects any environment – from cloud to hybrid to on premises – at a low and predictable cost.
Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees and offices in 34 locations worldwide. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, and top-tier professional sports teams. Acronis products are available through over 50,000 partners and service providers in over 150 countries and 26 languages.
Mr. W. Curtis Preston, Chief Technical Evangelist, Druva, said, “From smartphones, autonomous vehicles and streaming services, to even the local Mom and Pop shop down the road, the connectivity powered by digital transformation is driving an explosion of data. This exponential growth presents a vast opportunity for businesses to turn data into knowledge and insights that can ultimately shape products, services, and our lives. Yet the complexity and criticality of our information is immense. And protecting it has never been more challenging than the present day as cyber attacks, fueled by the current geopolitical landscape, continue to surge.
As governments around the world urge companies to raise their defenses, there is no better time than on World Backup Day to pose the question: Is Backup enough?
Is identifying data loss after an attack the best approach? Or should systems actively identify, alert, and respond to potential threats before they arise? Manually shifting through dozens of backups for untampered files is no longer a sufficient approach to restore data. With the pace of business and increasing lack of specialization, we need systems which actively recommend the best restore options to minimize data loss without business disruption.
As organizations seek to move their business forward and safeguard critical data against today’s threats, solely relying on backup is no longer a sufficient strategy. Businesses must adopt a modern approach to data resiliency – one that is grounded in the cloud, positions teams to recover data rather than just trying to make a backup, stops ransomware attacks before they spread, and protects data and applications against emerging threats. This World Backup Day, instead of solemnly swearing to just back up your most important data – reevaluate your protection strategies and take the pledge of resiliency.”