This is the season when experts gaze into their crystal balls, looking to predict the new trends for the year ahead. When it comes to cyber risk, we’re likely to see existing threats – in particular ransomware and phishing – continue to disrupt businesses on a daily basis. In a recent Apricorn survey, 40% of IT decision makers ranked phishing emails as the top cause of data breaches within their organisation; an increase from 35% in 2021.
While cyber-criminals will pursue the same ‘tried and tested’ tactics and techniques in 2023, they will inevitably be more sophisticated in their approach, evolving to become more successful in a remote and hybrid working environment for example.
There are steps organisations can and must take to prevent and mitigate cyberattacks, but it will become increasingly difficult to fend them off. An effective backup plan that enables fast and complete recovery of data in the event of a breach – or of a technical failure or employee mistake – is of primary importance. In short, recovery must be prioritised as highly as defence in order to manage risk.
Buy-in is not enough
In Apricorn’s survey, 99% of respondents said their organisations have data backups in place – and more than 70% have had to recover information from them following an incident. However, more than a quarter (26%) found themselves unable to fully restore all their data or documents. A partial recovery will render key services and functions unavailable, and lead to significant business disruption.
So what’s preventing so many backup strategies from being effective?
The risk of a single point of failure
Traditionally, organisations would back up to one sole storage repository, leaving them open to complete loss or damage of data. This is a particular risk today, with ransomware attackers targeting the backup itself to stop their victims restoring the data they aim to exfiltrate or encrypt.
Perhaps surprisingly, while approaches to backups have advanced from a technical perspective, with cloud servers often taking the place of on-premise hardware, this habit appears to persist. In Apricorn’s survey, nearly six in 10 of the organisations that backed up their data acknowledged that they did so via an automated backup to a central repository only.
Backing up to more than one location is the vital first step to ensuring that a full and rapid recovery from a clean, protected data set is always possible.
Follow the 3-2-1+ rule. The 3-2-1 rule is considered best practice: have at least three copies of data, on at least two different media, with at least one copy held offsite. In today’s complex and interconnected working environment, it’s advisable to add an offline location to that list; perhaps providing employees with a secure removable storage device they can use to back up locally at the endpoint, then disconnect from the network to create an air gap. With the working environment becoming increasingly dispersed, there is also an argument to supplement a central back up strategy with a local capability for remote employees.
Sanction the use of encryption. Encrypting all corporate data, including that which is backed up – whether it’s on the move, in use, or at rest – means that even if it’s intercepted it cannot be read or exploited. The approach provides a straightforward way to stay ahead of evolving cyber threats, mitigate human error, and support compliance with tough security legislation such as GDPR. Only one third of organisations currently have a policy of encrypting all of their data, so there’s a lot of room for improvement.
Educate all employees. Ideally, responsibility for backing up the information they handle should be a part of everyone’s job. Employees will need to be trained in the relevant policies and technologies; it helps to provide a ‘playbook’ that sets out all the key processes involved in performing a backup and launching a recovery, and who is responsible for which action. Staff should also have a solid grounding in the specific threats and risks facing the organisation, and the potential consequences of ‘skipping a step’, for example.
Rehearse and review. Finally, backup and recovery procedures should be practiced and tested regularly using breach and attack simulations to make sure they’re fit for purpose, and that data can be fully restored if the worst should occur. Any gaps or issues should be addressed and the playbook updated as necessary.
In a world where cyber-attacks and data loss can never be ruled out, the backup plan will take an increasingly prominent role in organisations’ security strategies. Having diverse, geographically distributed backups is the best route to protecting information. A comprehensive and tested backup protocol, executed properly by staff and fortified with encryption, will enable organisations to respond effectively if the worst should occur.