More companies are beginning to understand the need for establishing backups and other systems for managing their data and establishing recovery. At the same time, there’s a lack of awareness that we need to also be protecting backups themselves for cyber resilience.
Why protect your backups?
Alarming data from Rubrik shows that cyberattacks are increasing, not falling off – and they’re working. Over eighty percent of attacked companies admit to having paid some form of ransom, mostly due to the increased complexity of attacks coming from a variety of attack vectors.
More concerningly, 74% of organizations discovered their backup or recovery systems were at least partially compromised during attacks, with over a third (35%) suffering complete compromise. This speaks volumes about both priorities for attackers as well as the average level of backup security put in place.
With backups forming one of the last lines in your disaster prevention and recovery plans, a compromised backup represents a catastrophe in the making. A ransomware attack that successfully locks your ability to recover out of it has won – your company now pays the ransom, or loses all their critical data.
The consequences can be devastating: extended downtime, significant revenue losses, and reputational damage that can persist for years. For instance, IBM’s Cost of a Data Breach Report 2024 found that 70% of organizations experienced a significant or very significant disruption to business resulting from a breach, and only 12% reported that they had fully recovered. For those who were able to recover completely, more than three-quarters said it took them more than 100 days – a hundred days of zero productivity and potentially increased operating costs.
What can you do?
As we’ve mentioned before, some of the easiest and most immediately effective steps is to align your backups with the 3-2-1 Backup rule – three separate backups, on two different mediums, one of which is offsite.
While this is not completely bulletproof, thanks to the multivector cyberattacks we’re seeing in recent years, it nevertheless greatly improves your chances of making it through a cyberattack attempt at least partially intact. Another step that can and should be taken is aligning your organization with Zero Trust principles, limiting the number of vectors of attack that can successfully lead to your backup being compromised.
Your Data In Your Hands – With TECH-ARROW
