Suppliers respond to World Backup Day 2023

You don’t have to search long for news about ransomware or data loss. So it is clearly not redundant to pay regular attention to making backups and making sure they are restorable. Since its inception in 2011, World Backup Day has proven its worth as an annual beacon, although by 2023 we all agree that backing up is just one link in the chain. Things like distributed data, increasing cyber threats, growing attack vectors and laws and regulations require a holistic approach to data protection. Here is what the industry has to say about this.

Data protection has changed significantly in recent years. This is directly linked to the increasing sophistication of cybercriminals – previously, they would typically gain access to an organisation’s data and encrypt it, rendering it incomprehensible to employees and of no business use. Bart Tournier, Sales Director Benelux at Commvault, explains, “That’s why it’s so important to make sure you have a secure copy of that data. Organisations had a spare dataset they could restore and then it was business as usual again. But cybercriminals have changed tack; they are increasingly moving from encrypting data to threatening to publish it. This has wider consequences, including reputational damage, heavy fines and possible loss of competitive advantage.”

As a result, organisations need to approach data protection differently, says Tournier: “It is no longer enough to just back up, it is important to prevent cybercriminals from accessing corporate systems. With an early detection system, such as cyberdeception, organisations are one step ahead of the attacker. Decoys are deployed to throw the attacker off course and lure him into a fake environment. Organisations are alerted as soon as the attacker enters the fake IT environment, allowing security teams to take immediate action and isolate the assets. Because the response time is significantly shorter, cybercriminals are much less likely to get into real systems. This is not to say that backups will not remain important, but in 2023, a proactive approach to data protection must go hand in hand with these traditional reactive methods.”

Egon van Dongen, System Engineering Manager EMEA at Zerto calls World Backup Day a good reminder to be proactive in protecting your data and applications from disasters, ransomware and other disruptions. He notes that it is easier than ever to implement scalable software solutions to ensure you have multiple copies of your data, stored in multiple locations and on multiple formats. Van Dongen says: “Securing your data is just the beginning: once you have a data protection strategy in place, it is crucial to think about data recovery in the event of a disruption, complete outage or cyber-attack. Especially with ransomware, speed of recovery is essential: how quickly can you resume your operations without paying data loss or ransom? Rapid recovery without downtime and without data loss helps companies of any size become truly resilient, no matter what.”

Paul Smit, CTO and co-founder of ForeNova Technologies, stresses the importance of a layered approach to backing up and restoring data. “A fall 2022 survey by ForeNova and Cyber Security Insiders highlights a dangerous situation, with 87 per cent of respondents citing backing up and restoring data as the most effective measure against attacks. The founder of ForeNova Technologies calls this a distorted view of reality. “Companies need a lot of time to reboot locked systems in emergencies or to decrypt and restore encrypted data. During recovery-related system downtime, revenue and confidence can be hit significantly.” IT managers should not view a backup as the main lifeline, Smit says. “Professional attackers with extortion intentions now locate backups, encrypt or delete them before notifying the victim. So a regular backup is not enough: IT must follow the 3-2-1 rule, with a separate copy that has no connection to the corporate network. Users should regularly check their backups for ‘restore’ capability. Often, these are worthless in emergencies because IT cannot import them. Second-generation ransomware extortionists also threaten to make data public – and no backup can help against that.”

Smit notes that complex, multi-stage attacks with an extensive kill chain require continuous monitoring of activity. “IT administrators must continuously record both data flows in network traffic and the behaviour of users and endpoints to detect attacks at an early stage and protect the IT infrastructure. Only those who recognise the first indications of attacks can protect and block endpoints – and thus the backup server – in time. After the attack, forensic analysis of the data traffic follows to close the ports for renewed attacks. These are demanding tasks that overwhelm most IT teams, especially in small and medium enterprises. Protecting a backup now also requires the expertise of external security experts in a SOC as part of a managed detection and response service.”

Julia Gortinskaya, sales director at Leaseweb Netherlands, shared the following: “More and more companies are looking to the cloud to deploy new technologies or to make their own operations more efficient. With this, protecting business-critical data, regardless of where it is located, is also becoming increasingly important. Modern cloud backup solutions provide the solution. They allow data to be backed up over internet connections from any server or device, anywhere in the world. Cloud backup solutions are easy to manage and providers offer reliable and practical customer support.

But in a cloud environment, you are also dependent on your cloud hosting provider, so it is advisable to look for a reliable provider with extensive expertise, 24/7 support and robust disaster recovery solutions. They should take all precautions to ensure that customers’ data is always available, including extensive backup. Consult with your provider about a proactive backup plan to ensure business continuity. Also address how provider and cloud backup products work together to ensure everything works as expected when needed. Finally, check the backup provisions of the cloud hosting provider itself. What emergency backup services do they have, are there redundant internet connections and redundant power connections from different locations.

Original article link: https://www.dutchitchannel.nl/news/225491/leveranciers-reageren-op-world-backup-day-2023