SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
World Backup Day highlights need for robust data protection
Fri, 29th Mar 2024

In today's age of digital dominance, data security and safety have become more crucial than ever. To highlight this, World Backup Day, scheduled for 31 March, encourages a focus on protecting vital data and implementing effective backup strategies. Given the current threat landscape dominated by cyber-attacks, data backup offers a lifeline that can keep businesses afloat.

Anthony Spiteri, Regional CTO for APJ at Veeam, has chosen the occasion to share five best practices for enhancing cybersecurity resilience through secure backup strategies. Commenting on the need for stronger security approaches, Spiteri pointed out that World Backup Day serves as a 'timely reminder for organisations to up their data protection game by having the right recovery and ransomware protection capabilities.'

The primary concern is cyber attacks, which, according to Veeam's Data Protection Trends Report 2024, have been listed as the leading cause of business outages for four consecutive years. This serious threat from ransomware is now more of an ongoing issue rather than an isolated problem. Spiteri revealed, 'Eight in ten 10 APJ organisations suffered at least one ransomware attack last year.' The consequence of these attacks goes far beyond affecting business continuity; they hurt brand reputation and result in revenue loss.

This threat landscape emphasises the need for effective backup strategies, and accordingly, Veeam has proposed five advisable ways to ensure secure backups and reinforce cybersecurity resilience:

The first approach is to strive towards achieving a Zero-Trust environment to keep attackers out. Zero-trust is a proactive security model that assumes potential threats exist both inside and beyond network perimeters. It secures all endpoints by default and continually refining security practices to outpace evolving threats.

The second practice centres on data immutability to maintain business continuity in the face of ransomware. Immutable backups, which cannot be altered or deleted, provide protection against threat actors aiming to compromise backups and thus guarantee data recoverability.

The third strategy involves using encryption throughout data's lifecycle, from creation to backup storage. This strategy depends on strong collaboration between the security and backup teams, aiming to enhance data protection measures and minimise the risk of unauthorised data access.

The fourth practice revolves around careful planning and testing for worst-case scenarios. This means maintaining updated documentation, frequently testing backup plans, and verifying Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

Finally, it is crucial not to reintroduce the threat during recovery. Having a plan in place to handle infections and prevent reinfections from backup data that might contain latent, unactivated malware is vital.

These practices, as recommended by Veeam, emphasise that data protection is not just about prevention but also about how businesses can survive and recover when cyber-attacks are sadly almost inevitable.