World Backup Day 2022: What experts think

March 31 is International Data Backup Day, World Backup Day. About its role are all IT managers in the clear - actually. But backup is still a broad field and a real backup is not simply done at the push of a button. Complex infrastructures require a backup strategy that must also keep in mind that backups are an important target for attackers. This view is shared by experts from IT security service providers Barracuda Networks, Bitdefender, ForeNova, FTAPI and NCC.

World Backup Day: a good time to think about what an effective data backup strategy needs to do.

"Events like World Backup Day are good times to think about what an effective backup strategy needs to do. A lot has changed in the last few years! More and more data is hosted in the cloud, ransomware is one of the biggest threats to data today. Does on-premise backup provide everything businesses need: Reliability and value for money? Is Office 365 data protected in the cloud? Is resiliency considered and air-gap copies of the data backed up? Is a solution in place that meets DSGVO requirements? How often are DR and recovery workflows run through? It's a lot to consider, but that's what's imperative if companies want to ensure they don't have to pay for a cyberattack or complete data loss with a complete business shutdown."

Charles Smith, Consulting Solution Engineer, Data Protection, Barracuda Networks, EMEA

The convergence of cybersecurity and data protection is a top priority in times of the Ukraine conflict.

"The current conflict in Ukraine makes all IT a target of cyberattacks. Even immediately before the invasion, HermeticWiper was used to attack systems of Ukrainian government agencies and organizations with the aim of deleting data. Such attacks are also threatening in this country. They threaten not only information, but also systems and applications. Successful deletion of data and configurations of these systems or applications then becomes an ultimate threat to the functionality of digital processes - especially if IT managers cannot restore systems, applications and data quickly enough.

As a result, the long-preached protection of existing backups - the convergence of cybersecurity and data protection - is now becoming a top priority. An endpoint detection-and-response (EDR) solution can protect backup servers. Managed detection-and-response (MDR) services must reprioritize their security analysis criteria in light of the threats. Those who are reviewing their backup and disaster recovery plans now should also be looking at protecting those backups against malware. They should also look in advance at how quickly systems can be brought back up."

Jörg von der Heydt, Regional Director DACH, Bitdefender

Network Detection and Response also protects backups.

"Performing backups is a matter of course - at least in people's minds. Unfortunately, testing backups and seeing whether it is even possible to restore systems and information, and whether the data also has integrity, is not yet. But it should be. The 3-2-1 rule with an offline backup is also increasingly being taken to heart, and word is also spreading that backups also fall under the competencies of IT security.

But many CISOs and IT admins think primarily about protecting the endpoints, i.e. the backup server and the media. But that's not enough, because professional hackers specifically prepare the attack on the secured information and systems - the last reassurance many organizations rely on. A security event that occurs across the network perimeter and, for example, immediately encrypts, blocks or even deletes assets, and against which an endpoint detection and response or firewall does not protect, can only be immediately blocked by a network-level defense. Thanks to a network detection and response (NDR) that detects suspicious attack patterns, it is often not even necessary to restore digital resources.

An NDR pulls further ripcords in case of emergency: A predefined playbook of the software, for example, automatically initiates a VMWare snapshot as soon as a suspicious network incident is reported and secures the current system and information status before a possibly successful attack. Most importantly, NDR provided valuable assistance in analyzing an attack once it occurred, showing when and how an attack was launched."

Paul Smit, Director Customer Services, ForeNova

Don't be afraid of decentralized data backup - you just need trustworthy partners.

"Do backups of critical business or project data really always have to be on-premise in the company's own systems? Not in our view. With on-demand hosted solutions, automatic backups are standard. Many companies have already recognized the need for this, but there are still doubts about the security of decentralized solutions and data backups. Yet the need is becoming increasingly clear: the number of cyber attacks is rising, the attacks themselves are becoming more and more sophisticated - 100 percent security of the company's own systems and information is virtually no longer possible.

Decentrally stored backups make it possible to still access company data and systems in the event of a cyber attack or massive system failure. A trustworthy partner is important here, both when it comes to the solution and the data centers used. Data should only be encrypted and transmitted to servers within the EU. To safeguard daily project work, automatic backups of corresponding data in virtual data rooms are suitable."

Ari Albertini, Chief Operating Officer, FTAPI Software GmbH

The right backup strategy is important - because after the attack is before the attack.

"The importance of backup is demonstrated by ransomware attacks - the preferred 'earning method' of cyber criminals. When it comes to business-critical data or confidential customer information - the 'crown jewels' - the pressure to act increases immediately for companies and authorities.

When this emergency occurs, the victims have three options: they can decrypt the files, pay the ransom or recover the data. But suitable decryption tools are not always available and often not all information is available again after a ransom payment. In the worst case, further extortion stages follow with no guarantee of getting all files back. We also recommend not to respond to ransomware demands.

This leaves backups as the 'last line of defense'. To make matters worse, criminals also deliberately target them to cause as much damage as possible. Corporate and government IT managers should therefore not only follow the familiar backup rules (3-2-1), but also require additional authentication before access and create immutable backups - which they store offline, off-site or off the main network.

And because after the attack is before the attack, IT managers must understand how the hackers proceeded. After all, when a backup is reverted to, the infrastructure with the same vulnerability that was exploited during the attack comes into play. In addition to a logging mechanism, the should also implement services such as managed detection and response to detect possible further suspicious activity on their network."

Dr. Volker Baier, Principal Consultant Risk Management, NCC Group