
The critical role of regular backups in cybersecurity

The increasing sophistication and frequency of cyberattacks – particularly ransomware attacks – have put data security at the forefront of challenges for businesses of all sizes. One fundamental element that is often overlooked, yet contributes significantly to a comprehensive cybersecurity strategy, is regular data backup.

Why backups matter

In its simplest form, a backup is a copy of your data stored separately from the original. In case of data loss, whether due to hardware or software failure, accidental deletion, natural disasters or cyberattack, you can restore your data from the backup.

Cyberattacks such as ransomware are a major threat to businesses. Such attacks involve hackers infiltrating a network, encrypting files, and demanding a ransom in exchange for the decryption key. Having an up-to-date backup allows an organization to restore its encrypted data without paying the ransom. This is a practical demonstration of how backups can serve as a lifeline during a cyber crisis.

Types of backups and their frequency

Backups come in three main types: full, differential, and incremental.

Full backups involve copying all data, which requires a lot of resources but provides the most comprehensive protection.

Differential backups copy data that has changed since the last full backup, saving space and resources.

Incremental backups only copy data that has changed since the last backup of any kind, saving even more space but making the restoration process more complicated.
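To make the restore-time difference concrete, the following added example (not from the original article) computes which backup sets are needed to restore to a given day and how far back a single damaged set pushes the recovery point. The `Backup` record, the function names and the two one-week catalogs are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    id: str
    kind: str  # "full", "differential" or "incremental"
    day: int   # day the backup ran (constructed timeline)

def restore_chain(catalog, target_day):
    """Backups, in restore order, needed to rebuild the state as of target_day."""
    usable = sorted((b for b in catalog if b.day <= target_day), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the target day")
    chain = [fulls[-1]]
    later = [b for b in usable if b.day > chain[0].day]
    # A differential holds every change since the full: only the newest is needed.
    diffs = [b for b in later if b.kind == "differential"]
    if diffs:
        chain.append(diffs[-1])
    # An incremental holds changes since the previous backup of any kind:
    # every one taken after the newest full/differential is needed, in order.
    anchor = chain[-1].day
    chain += [b for b in later if b.kind == "incremental" and b.day > anchor]
    return chain

def latest_recoverable_day(catalog, target_day, damaged):
    """Newest day <= target_day whose whole restore chain avoids damaged backup ids."""
    for day in range(target_day, -1, -1):
        try:
            chain = restore_chain(catalog, day)
        except ValueError:
            return None
        if not any(b.id in damaged for b in chain):
            return chain[-1].day
    return None

# Constructed catalogs: a full backup on day 0, then one backup per day.
INCREMENTAL_WEEK = [Backup("F0", "full", 0)] + [
    Backup(f"I{d}", "incremental", d) for d in range(1, 5)]
DIFFERENTIAL_WEEK = [Backup("F0", "full", 0)] + [
    Backup(f"D{d}", "differential", d) for d in range(1, 5)]

if __name__ == "__main__":
    for name, cat, bad in (("incremental", INCREMENTAL_WEEK, {"I2"}),
                           ("differential", DIFFERENTIAL_WEEK, {"D2"})):
        ids = [b.id for b in restore_chain(cat, 4)]
        print(name, ids, "recoverable to day", latest_recoverable_day(cat, 4, bad))
```

With the incremental catalog, one damaged mid-week set limits recovery to the day before it; with the differential catalog the same loss does not affect the newest restore point.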

The frequency of backups should be aligned with the nature and volume of data, available storage resources, and the organization’s tolerance for data loss.

Storage options and their importance

When it comes to backup storage, companies can choose between on-premise, off-site, and cloud storage. Each has its advantages and challenges:

On-premise storage provides fast recovery times and can be beneficial when large amounts of data need to be restored quickly. However, on-premise backups are vulnerable to local disasters and attacks if they are directly connected to the rest of the system. To prevent your backups from also being compromised in a cybersecurity incident such as a ransomware attack, it is important that on-premise backup systems are isolated from the live environment.

Off-site storage offers protection against local disasters and potential attacks on a company’s internal systems, maintaining a physical distance between the live system and the backup. The main disadvantage of off-site storage is that data recovery and restoration can be slower and more difficult.

Cloud storage provides a balance, offering remote, scalable storage with relatively quick access. It also provides a layer of protection against both local disasters and ransomware attacks. However, cloud storage requires additional security measures beyond those of the provider to secure data and needs a strong network connection to restore data.

The need for data recovery plans and backup verification

An effective backup strategy should include a clear, well-documented data recovery plan. When a data loss incident occurs, the recovery process should be quick and efficient to minimize downtime.

In addition, companies should regularly verify their backups to ensure they are functional and can be restored. A backup is of no use if, when the need arises, it is not possible to restore data from it.
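One way to carry out such a verification, shown as an added example that is not part of the original article: record a SHA-256 manifest when the backup is taken, then test-restore the archive into a scratch directory and compare. The archive format (tar), the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(archive, expected):
    """Test-restore archive into a scratch directory and diff it against expected."""
    # Use the safe extraction filter where this Python version provides it.
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                tar.extractall(scratch, **opts)
        except (tarfile.TarError, OSError, EOFError) as exc:
            return {"ok": False, "error": type(exc).__name__, "missing": [], "changed": []}
        restored = manifest(scratch)
    missing = sorted(set(expected) - set(restored))
    changed = sorted(f for f in expected if f in restored and restored[f] != expected[f])
    return {"ok": not missing and not changed, "error": None,
            "missing": missing, "changed": changed}

def demo():
    """Constructed sample: one good backup, one that skipped a file, one unreadable."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.csv").write_text("id,total\n1,19.90\n")
        (src / "notes.txt").write_text("quarterly figures\n")
        expected = manifest(src)  # recorded at the time the backup is taken
        good, partial, junk = (Path(work, n) for n in ("good.tar", "partial.tar", "junk.tar"))
        with tarfile.open(good, "w") as tar:
            for rel in expected:
                tar.add(src / rel, arcname=rel)
        with tarfile.open(partial, "w") as tar:  # backup job silently skipped db/
            tar.add(src / "notes.txt", arcname="notes.txt")
        junk.write_bytes(b"not a tar archive")  # stands in for a corrupted backup
        return [verify_restore(a, expected) for a in (good, partial, junk)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The partial archive opens and extracts without error, which is why the check compares the restored files against the manifest rather than trusting a clean exit from the backup tool.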

Case studies

Several high-profile ransomware attacks have highlighted the importance of backups. In 2017, the WannaCry ransomware attack affected more than 200,000 computers worldwide. Many victims were forced to pay the ransom because they did not have recent backups. On the other hand, organizations with proper backups were able to recover without succumbing to hackers’ demands.

In July 2021, a major ransomware attack targeted Kaseya VSA, a popular tool used by IT providers. The attack was orchestrated by the REvil ransomware gang, which exploited a vulnerability in Kaseya software to infiltrate the networks of many businesses worldwide. The attack affected around 1,500 businesses, making it one of the most widespread ransomware attacks of the time.

One notable case involved a Swedish grocery chain, Coop, which was forced to close more than 800 stores because its cash register software provider was hit by the attack. The company was left unable to operate for several days, demonstrating the serious operational consequences that can result from such an attack.

However, one IT provider affected by the attack, Cognizant, was able to recover faster due to having an effective backup strategy. Even though some of its customers’ systems had been compromised, Cognizant was able to quickly restore services because it had recent and reliable backups available.

The Kaseya VSA attack underscored the importance of having a robust backup system. Companies that had up-to-date backups were better equipped to recover their systems without having to pay the ransom. In contrast, those who did not have effective backups faced a difficult choice: lose their data or pay the ransom demanded.

The attack also served as a reminder that no organization is immune to cyber threats. Whether you’re a small business or a large IT service provider, a robust cybersecurity strategy that includes regular backups is essential in today’s digital landscape.

Backup: an essential part of a broader cybersecurity strategy

Although critical, backups are only one part of a broader cybersecurity strategy. They are a form of “cybersecurity assurance,” giving companies an important safety net against threats. However, the first line of defense should always be strong security measures, such as firewalls, antivirus software, regular system updates, and user training, to prevent breaches from occurring in the first place.

In conclusion, the importance of regular, reliable backups cannot be overstated. At a time of escalating cyber threats, a comprehensive backup strategy is not just a good practice, but a business necessity.