Implementing a secure and cost-effective data backup strategy can go a long way in mitigating the damage caused by cyberattacks

Every year on March 31st, the global tech industry commemorates World Backup Day to raise awareness about the importance of backing up our data.

The origin of this day goes back to a post on Reddit in 2011. It’s believed that a user posted about his regrets of losing his hard drive and not having any backup of the same. He wished that if someone had reminded him of keeping a backup of his precious files then he would not have to bear the grief of that irreversible loss.

It’s a feeling, that perhaps many businesses and individuals would relate with all too closely. After all, the consequences of losing your data whether business-critical or personal, can often be and is, devastating.

Why data backup is critical

Over the past year, many changes have occurred, with organizations adjusting to remote work and mobility. Businesses increasingly store their data and applications in the cloud, while compliance requirements and data security regulations continue to evolve.

Although ransomware is a significant threat that can result in severe data loss, it is not the sole cause. In fact, human error and hardware failure are the top reasons for damaged or deleted files, followed by theft, natural disasters, and common accidents like spilling liquids on laptops.

In fact, the numbers are startling:

It is essential to recover quickly from these scenarios to avoid harm to your business, digital memories, and other critical data.

What data security experts say

The IBM X-Force Threat Intelligence Index, stated that the Asia-Pacific region faced the highest number of cyberattacks in 2022, accounting for 31% of all incidents.

Extortion emerged as the most common goal behind the attacks, where the perpetrators used ransomware to hold businesses to ransom. The report also highlighted that manufacturing businesses were the most extorted due to the industry’s low tolerance for down time.

According to Viswanath Ramaswamy, Vice President, Technology, IBM India & South Asia, “Businesses in Asia-Pacific including India will continue to face growing numbers and sophistication of cyber threats as bad actors take advantage of economic and geopolitical disruptions. Hence, it is imperative that business leaders take immediate action to prepare and secure against these malicious threats”, Ramaswamy explained as quoted by a news outlet.

Andy Ng, Vice President and Managing Director, Asia Pacific and South Region, Veritas Technologies, shared his perspective with CybersecAsia:

“In a recent Veritas survey of 2,000 US consumers, nearly half (48%) said they don’t trust the governments and businesses to adequately back up their digital information so it can be recovered after a ransomware attack. Consumer concern is high, and the threat landscape continues to evolve with faster and more complex threats targeting on-premises and multi-cloud environments.

On World Backup Day, business leaders must reflect upon their backup strategy as well as their data management strategy as a whole. This day serves as an important reminder of the ever-growing threat of cyberattacks, with the complexity of hybrid and multi-cloud environments creating additional challenges for organisations in managing, protecting, and securing their data.”

The stakes are high, and the challenge is steep

Businesses across the globe and especially in the APAC region are aware of the acute challenges posed by cyberthreats. However, this knowledge is encumbered with concerns and lack of confidence surrounding the existing data protection capabilities.

The recent Dell Technologies 2022 Global Data Protection Index (GDPI) revealed that:

    • 70% are concerned their organization’s existing data protection measures may not be sufficient to cope with malware and ransomware threats
    • 59% are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyberattack
    • 80% say a lack of data protection solutions for newer technologies such as containers, cloud-native, IoT, edge is one of the top five challenges their organization faces in relation to data protection
    • $997,000(USD) was the average cost of data loss in the last 12 months

What to do

While ransomware attacks can be devastating for organizations and individuals, capitulating to extortion in hopes of recovering lost data, is not the answer.

Andy Ng of Veritas Technologies recommends the following best practices to incorporate for a secure and cost-effective data backup strategy:

    • Start the backup process with comprehensive data classification and implement deduplication

      IT departments can’t afford to save their data indiscriminately as they face tight budgets and intensifying scrutiny over cloud spend ROI — 94% of organisations globally (96% in Singapore) already overspend on cloud. Organizations should implement comprehensive classification systems to understand the kinds of data they have and therefore where and how it should be stored and for how long. Implementing identification, categorisation and retention policies will help organizations organise their data and ensure that the critical and sensitive data is retained appropriately. Also, they can reduce their attack surfaces by establishing policies, technologies and auditing that reduces their data footprint through methodologies like deduplication.

    • Double down on backup at the edge

      Organizations often don’t apply the same level of protection to the edge as they do in the data center, often due to skills and staffing shortages. Each edge device needs to be protected and backed up and the resulting edge data needs to be assessed, categorized and protected accordingly.

    • Your data isn’t inherently safer in the cloud

      As part of their standard service, most CSPs only provide an uptime guarantee of their service, not comprehensive cloud data protection with guarantees. In fact, many include a shared responsibility model in their terms and conditions that a customer’s data is their responsibility to protect. Shared responsibility when it comes to data protection, is in reality, your responsibility. The same rules that apply to all your other data, apply to your cloud data: you must assess, categorise, protect and recover it. Never just assume someone else is doing that for you. The easiest way to achieve this is to ensure that the enterprise data protection capabilities you expect and use today can be extended to hybrid cloud and cloud native.

    • Automation is key to secure and cost-effective backup and recovery

      Enterprises are dealing with an unprecedented quantity and variety of workloads and data that they need to manage. AI-based methodologies and technologies that automate provisioning, lifecycle optimisation and smart usage of resources like storage are necessary to keep up with these challenges, and they free up IT staff to focus on more strategic and transformational activity.”