Backups have long been a part of cybersecurity strategies. When implemented properly, they are a fundamental and effective pillar of cyber resilience in a world where potential breaches and attacks can never be ruled out.
That said, not all backup strategies are created equal. Traditionally, organisations would backup to one sole storage repository, yet this is no longer sufficient in guaranteeing recovery capabilities in the event of an attack.
With just one backup, entities today are at risk of costly business disruption. Indeed, the backup itself could be faced with either technical issues or attacks that render the service and/or their data unavailable.
With the volume and the complexity of threats involved continuing to heighten, it is vital that firms update their recovery strategies. According to the Information Commissioner’s Office, the number of organisations reporting breaches has steadily increased from 25% in 2020 to 37% in 2022.
This spike is a product of the new normal, a survey of UK IT leaders from Apricorn shows.
Organisations today see remote workers as a major threat to data security, with more than 60% of respondents holding the view that mobile/remote workers may expose their organisations to the risk of a data breach. Further, almost three in 10 confirmed that their organisation’s mobile/remote workers have knowingly put corporate data at risk of a breach in the past year.
At the same time, firms have struggled to adapt to the growing role of technologies in the hybrid era, with more than four in 10 (42%) stating that managing the digital tools used to facilitate mobile and remote working creates significant complexity when implementing a cyber security plan.
Combine these issues with the increasingly sophisticated tactics being leveraging by threat actors, and the security-centric challenges facing organisations are clear.
Between heightened internal risks and the increasing attempts of threat actors to exploit them, never has the effectiveness of organisations’ backup strategies been so important.
While several steps can be taken by enterprises to better prevent, detect and remediate against attacks, there is no guarantee that these will mitigate modern threats. For this reason, any effective multi-layered security strategy must include a reliable, tested and effective recovery plan.
So, what does such a plan look like? Here, we’ll outline five key steps organisations should be looking to follow.
Written by: Jon Fielding, Managing Director, EMEA Apricorn
Adopt the 3-2-1 rule
The 3-2-1 rule is considered best practice when it comes to backups, stipulating that organisations must have at least three copies of data, on at least two different media, with at least one copy held offsite. Today, ransomware attacks may target backups as well as networks themselves to prevent companies from restoring the data that they exfiltrate and encrypt. With diverse, geographically distributed backups housed both online and offline, firms can better protect themselves.
Embrace encryption
When data is encrypted, it’s fully protected. If an unauthorised individual gains entry to a backup copy of data, perhaps by picking up an external storage device that has been lost, the information will remain unreadable. Encryption is an easy way to stay ahead of evolving cyber threats, mitigate human error and comply with modern security legislation. Yet just 32% of organisations currently have a policy of encrypting all corporate data in place. This needs to improve.
Test regularly
It’s one thing building a backup and recovery strategy, yet readily ensuring it works effectively through rigorous testing is another process entirely. Apricorn’s survey found that 25% of companies where unable to fully recover their data when needed. Organisations should therefore look to regularly test their protocols with breach and attack simulations to determine whether backups will work effectively in crisis situations.
Create a playbook
We also recommend building a physical playbook that outlines all key processes, both in performing a backup and launching a recovery – the technologies involved, the location of any backups, how to access them, etc. This will ensure any business can always respond, even if key staff are absent in the event of an attack.
Education
Finally, it’s important to make backing up a part of everyone’s job through effective policy and education. By working to ensure employees understand the threats facing the organisation, and potential consequences of poor actions, their consciousness and in turn behaviours will begin to better prioritise security in all instances.
In following these steps, companies will be well placed to improve any multi-layered security, mitigate against modern threats and safeguard data in a disparate working environment. Indeed, it is vital that recovery is prioritised as much as cyber resiliency, enabling firms to respond quickly and effectively should a breach occur.