Guardians of data backup: Experts share strategies on World Backup Day 2023
As society steps into the digital age, the importance of data in daily life has grown exponentially. Businesses, governments, and individuals rely on the constant flow of information to make informed decisions and keep the world connected. In light of this, World Backup Day 2023 serves as a critical reminder for everyone to take the necessary precautions to protect their invaluable data.
As reliance on data continues to grow, cybercriminals are seizing opportunities to exploit weaknesses and profit from the digital assets of others. A report from Crucial reveals that the global average cost of data breaches increased by over 2.5% in 2022 due to a rise in cyberattacks.
In 2022, Russia emerged as the most targeted country, experiencing over 50.4 million breaches during the first three quarters. Following Russia, China ranked second with 18.2 million data breaches, while Indonesia took the fourth spot with 14.5 million breaches.
The report also emphasizes the various forms of cybercrime. The most frequent type of attack, making up 19%, is the theft or compromise of credentials. Phishing attacks, in which perpetrators send fraudulent emails or messages posing as legitimate businesses, are likewise widespread, representing 16% of cyberattacks. These attacks are not only common but also the priciest for businesses, with an average cost of US$4.91 million. Third-party software vulnerabilities account for 13% of attacks and can lead to substantial financial losses for businesses, averaging US$4.55 million.
This year’s World Backup Day highlights the urgent need for robust data protection strategies to counter the ever-growing threats posed by cybercriminals and ensure the security and integrity of our digital lives.
Strategies for World Backup Day 2023
Crucial has provided several recommendations for protecting data from various types of breaches, tailored for individuals and businesses. For individuals, creating complex and unique passwords, using two-factor authentication, regularly updating apps and antivirus software, and verifying a company’s security guidelines when asked for information are all essential steps.
For businesses, it’s crucial to identify critical data and evaluate access and activity, establish and update security procedures, educate employees on data protection best practices, encrypt data (especially when sending confidential information via email), and employ a data loss prevention (DLP) solution to quickly identify suspicious data transfers.
Tech Wire Asia has reached out to several regional tech leaders to discuss the importance of organizations reassessing their security strategies and to explore the best practices that these organizations can implement.
Mike Anderson, Global CIO at Netskope
With World Backup Day upon us, it’s important to understand the power of keeping your most precious data safe and protected. As you likely already know, cloud is the predominant means for transferring and sharing data in many organizations today. A recent CSA study found that cloud storage apps were the most popular avenue for sharing data. Because your data is now everywhere, beyond just your traditional data centers and hard drives, ensuring your backups of sensitive data in the cloud are secure means a strong data protection strategy, implementing zero trust principles, is paramount.
Andy Ng, Vice President and Managing Director of Asia Pacific and South Region at Veritas Technologies
According to the Singapore Police Force (SPF), Singapore saw a 25.2% increase in scams and cybercrimes last year. The country is still seeing many more online crimes, with phishing and e-commerce scams amongst the top 5 most common tactics.
In a recent Veritas survey of 2,000 US consumers, nearly half (48%) said they don’t trust the governments and businesses to adequately back up their digital information so it can be recovered after a ransomware attack. Consumer concern is high, and the threat landscape continues to evolve with faster and more complex threats targeting on-premises and multi-cloud environments.
Here are some best practices to incorporate for a secure and cost-effective data backup strategy:
- Start the backup process with comprehensive data classification and implement deduplication. Organizations should implement comprehensive classification systems to understand the kinds of data they have, where and how it should be stored, and for how long. Implementing identification, categorization, and retention policies will help organizations organize their data and ensure that critical and sensitive data is retained appropriately. Also, they can reduce their attack surfaces by establishing policies, technologies, and auditing that reduce their data footprint through methodologies like deduplication.
- Double down on backup at the edge. Organizations often don’t apply the same level of protection to the edge as they do in the data center, often due to skills and staffing shortages. Each edge device needs to be protected and backed up, and the resulting edge data needs to be assessed, categorized, and protected accordingly.
- Automation is key to secure and cost-effective backup and recovery. AI-based methodologies and technologies that automate provisioning, lifecycle optimization, and smart usage of resources like storage are necessary to keep up with these challenges, and they free up IT staff to focus on more strategic and transformational activity.
Sunny Chua, Singapore General Manager at Wasabi Technologies
Business leaders should ask themselves whether their organization is prepared for data loss and how fast they could restore business-critical applications in an emergency. Have they recently tested their disaster recovery plans? Are these tests frequent enough? Have these strategies proven enough to protect their data for today’s digital climate?
Considerations that will ensure holistic backup policies are:
- Tapping on cloud backup solutions: using physical media or a secondary data center for air-gapped data protection is rarely practical, costly, and labor-intensive to achieve and adds days to the recovery process. Leading data backup vendors now recommend cloud storage as a simple and more affordable alternative.
- Ensuring the use of backup solutions that enable speed of access and immutability: especially with the ransomware threats that businesses in the Asia-Pacific are more prone to, cloud storage solutions that offer object lock and immutability can enable businesses with both agility and resilience in the face of attacks, which will aid them significantly in preventing costly downtimes.
- Rethinking legacy strategies like the 3-2-1 backup rule: as widely known as it is, the beloved 3-2-1 rule is no longer sufficient for businesses to secure all of their data. Instead, a more robust security practice for modern businesses is the 3-2-1-1-0 rule: three copies of your data on two different media, one off-site, one immutable copy, and zero for zero errors by making sure the air-gapped backups are fully functional.
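The 3-2-1-1-0 rule in the last bullet can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or any vendor's tooling; the Copy fields, the sample inventories and the 30-day restore-test window are constructed assumptions, and the "0" is applied here to every non-primary copy.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                  # e.g. "disk", "tape", "object-storage"
    offsite: bool = False
    immutable: bool = False     # object lock / write-once retention is active
    primary: bool = False       # the live production copy
    last_restore_test: Optional[datetime] = None
    restore_errors: int = 0     # errors seen in the last restore test

def audit_3_2_1_1_0(copies: List[Copy], now: datetime,
                    max_test_age: timedelta = timedelta(days=30)) -> List[str]:
    """Return rule violations for an inventory; an empty list means compliant."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies of the data")
    if len({c.media for c in copies}) < 2:
        findings.append("2: all copies share one media type")
    if not any(c.offsite for c in copies):
        findings.append("1 (off-site): no off-site copy")
    if not any(c.immutable for c in copies):
        findings.append("1 (immutable): no immutable copy")
    for c in copies:
        if c.primary:
            continue  # the "0" is about backups, not the production copy
        if c.last_restore_test is None:
            findings.append(f"0: {c.name} never restore-tested")
        elif now - c.last_restore_test > max_test_age:
            findings.append(f"0: {c.name} restore test is stale")
        elif c.restore_errors:
            findings.append(f"0: {c.name} last restore test had {c.restore_errors} errors")
    return findings

# Constructed sample inventories (not real systems).
NOW = datetime(2023, 3, 31, tzinfo=timezone.utc)
PRIMARY = Copy("prod-db", "disk", primary=True)
NAS = Copy("nas-nightly", "disk", last_restore_test=NOW - timedelta(days=5))
TAPE = Copy("tape-vault", "tape", offsite=True, last_restore_test=NOW - timedelta(days=200))
LOCKED = Copy("locked-bucket", "object-storage", offsite=True, immutable=True,
              last_restore_test=NOW - timedelta(days=3))
LEGACY = [PRIMARY, NAS, TAPE]      # satisfies 3-2-1 only
MODERN = [PRIMARY, NAS, LOCKED]    # satisfies 3-2-1-1-0

if __name__ == "__main__":
    for label, inventory in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, audit_3_2_1_1_0(inventory, NOW) or "compliant")
```

The legacy inventory passes the classic 3-2-1 checks but is flagged for the missing immutable copy and the stale tape restore test, which is the gap the extended rule is meant to close.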
David Rajoo, ASEAN Systems Engineering Head, Cortex at Palo Alto Networks
The recent report from Palo Alto Networks shows that data exfiltration and leakage were reported in 70% of attacks last year, up by 30% in 2021. Organizations are also pressured to pay ransom by aggressive harassment campaigns 20 times more often than in 2021. In conjunction with this World Backup Day, it’s time for businesses and individuals to re-evaluate their data protection strategy and back up their digital treasure in case of any incident.
A comprehensive backup strategy is crucial in protecting valuable data, especially for businesses that depend on data to run their operations.
In the absence of a reliable backup, organizations may suffer long-lasting consequences. To minimize data loss risks and enable reliable data recovery, organizations must move away from traditional backup solutions and embrace object storage, a new type of data storage architecture designed to store and retrieve large amounts of unstructured data while being inherently scalable and immutable. This also means that once the data is written to the disk, it cannot be modified or deleted, making it more difficult for malicious actors to tamper with your critical data.
In addition to using multiple backup options, here are some important practices for CIOs’ consideration:
- Using a Zero Trust least privilege access model to consistently control and monitor users’ activities, where users are only granted access based on their job responsibilities at a given timeframe.
- Adopting automated threat detection and security alerts driven by AI and machine learning to identify threat actors’ activities at their early stage.
- Practicing a Zero Trust approach: “Never trust, always verify” to eliminate implicit trust and validate users’ activities continuously at every stage of digital interaction.
- Implementing multi-factor authentication besides email to verify users’ access and better oversee/manage third-party applications.
- Applying a data science approach that powers user behavior analytics to learn how users interact with data and determine earlier if there are suspicious behaviors or irregularities that could lead to a data breach event.
Wee Tee Lim, regional vice president for SEA and Taiwan, Cloudera
Many organizations today continue to struggle with how to effectively manage, govern, and secure their data. Establishing strong data privacy and governance policies is important to reduce data exposure and regulatory risk.
There are two sides to data privacy and governance – categorizing sensitive data and ensuring it doesn’t fall into the wrong hands. A defense-in-depth approach, which involves the coordinated use of multiple security countermeasures to protect valuable data, is crucial to tackling security risks. This means that if one mechanism fails, others step up immediately to thwart an attack.
Brett Chase, Systems Engineering Leader, at Cohesity Asia Pacific & Japan
Establishing and maintaining cyber resilience – the ability to continue to deliver business outcomes, operations, or generate revenue despite suffering an adverse cyber event – relies on having a backup and recovery approach that works when the worst occurs. Without cyber resilience, organizations bring into question their business continuity in the digital world of today and in an era where cyberattacks are no longer a case of ‘if’ but ‘when’.
Organizations can set themselves up for success by focusing their backup strategy on what data is vital for them to continue to operate and the level of sensitivity of this data that if leaked, stolen, or encrypted would significantly disrupt their ability to operate. If the exploitation of this data will cause major impacts, then it is valuable to malicious actors and is susceptible to exploitation or exfiltration.
It is crucial organizations know if this data can be recovered by their data recovery technology without a full data restore, whether their backups are immutable, if their data is encrypted in transit and at rest, if backups can only be accessed by those with specific roles or privileges, and if their backups can meet a predetermined recovery point or time targets.