World Backup Day 2023: The Importance of Proactive Measures to Prevent Data Loss and Theft

Data loss or theft can cost an organization not just its reputation but also mission-critical operations.

Last Updated: March 29, 2023

  • World Backup Day is promoted every year on the 31st of March by the tech and backup industry to highlight the importance of securing computer systems and safeguarding data.
  • This World Backup Day, Spiceworks got in touch with global tech industry leaders to talk about the impact of data theft and data loss. 
  • They also highlighted the importance of building awareness about backups and key strategies for organizational operations.

1. Johannes Ullrich, Dean of Research at SANS Technology Institute

“Data should be considered “at risk” if it can’t be found in at least three locations. Organizations should aim to maintain an on-premise copy, a cloud or online-remote copy, and an offline remote copy of critical data. In particular, sophisticated ransomware will attempt to disrupt recovery from backups, and any online backup, remote or local, is at risk.

Attackers exploit backup system vulnerabilities to access confidential information or to disrupt recovery after a ransomware incident. Controls used to monitor access to on-premise backups do not always translate one-to-one to cloud-based systems. 

Designing a cloud-based solution, organizations need to consider how access is controlled, how requests to retrieve or store data are authenticated and how the backup life cycle from creation over retrieval to eventual deletion is managed.

One of the main reasons to invest in on-premise backups is to speed up recovery. Cloud and offsite backups will almost always be slower. In some cases, cloud backup providers may have mechanisms to accelerate the recovery of large amounts of data by shipping hard drives instead of using slower internet connections. Make sure you test recovery speed to estimate better how long it will take to recover large amounts of data.

Any data leaving your direct control, such as physical backup media being shipped offsite or cloud-based online backups, must be encrypted before they leave the network you control. Backups must be encrypted in transit and at rest at the backup location. This may, in some cases, cause additional complexity, but rarely used backup data should always be encrypted.”


2. Manikandan Thangaraj, VP, Program Management, ManageEngine

“Disaster recovery and data protection will play a crucial role in 2023. With ransomware attacks constantly garnering headlines, organizations should get used to the fact that it is impossible to prevent ransomware attacks entirely. It’s a question of when their operations will be affected by ransomware, not if. Moreover, with the rise of Ransomware as a Service (RaaS) over the past couple of years, global ransomware damage costs are predicted to exceed USD 265 billion by 2031.

The only way organizations can withstand the ransomware threat is by investing in disaster recovery solutions. Disaster Recovery as a Service (DRaaS) has been on the rise for the past few years, and its market size is predicted to reach USD 41.26 billion by 2030. The winner of the battle between the backup service providers and threat actors who leverage ransomware will be determined by how quickly DRaaS providers can react to potential new threats.

Organizations should prefer solutions built on the zero-trust security model to ensure data security. When it comes to data backup and recovery, using a zero-trust strategy will boost data security because you’ll be authenticating both the user and the device initiating the backup. Of course, achieving zero trust is a long and challenging journey, but it is a must for organizations that care about data security. Zero Trust Network Access (ZTNA) is anticipated to increase by 31% in 2023, according to Gartner, making it the fastest-growing area of network security.

Another recommended strategy to meet today’s evolving threats is to implement the 3-2-1-1 backup rule—which is an update to the popular 3-2-1 rule with the extra ‘1’ covering immutable storage. Immutability will restore your data to its original, unaltered state and get you back in operation within minutes of a breach, so you can be sure that you can recover your data even after a successful attack.”

3. Gunter Ollmann, Chief Technology Officer, Devo

“An effective backup strategy ensures business continuity and minimizes data loss. As the saying goes, “measure twice, cut once,” which also applies to enterprise backup strategy. 

To start, a company should review its contractual commitments with its customers to ensure that it meets the minimums necessary to stay in compliance. Next, the backup strategy should prioritize backing up data for keeping the lights on for the product/service and internal operations. 

Non-critical data can be added with sufficient capacity but can also be costly. To ensure that the backup strategy is effective, it is crucial to test the ability to restore data by testing systems processes and the capacity of the DR solution/backup site.

The backup strategy should be tested regularly and adjusted to achieve the desired outcomes. Paying attention to systems that cannot be recovered or those that produce errors is also important. Conducting a root cause analysis can help prioritize and fix any issues before an event occurs.

To ensure scalability and adaptability, the backup strategy should be reviewed regularly to meet evolving business needs. This can include considering new technologies or processes to improve the backup strategy’s effectiveness or help the company respond more quickly in a BC/DR situation.”

4. Steve Watt, SVP, Chief Information Officer, Hyland Software

“The key in most cases [data protection, backups and disaster recovery] is having a program that includes a 360-degree view of all the systems you need to protect, a properly prioritized continuity recovery plan, and an effective testing and audit strategy. It’s also important to develop a strategic risk program and make smart decisions on the type of recovery scenarios you’re most likely to face.

Getting a copy of your data is often the easy part, but building an effective program to address all the other aspects of data continuity is where a lot of the work happens. Regarding precautions, I would advise in relation to test plans to always be wary of simulated recovery scenarios. It’s important to do full failover and recovery whenever possible so that you truly can understand the nuances you may face in a real situation.

Ensure your business units understand the dependencies that exist on those cloud systems and how they interact with processes and on-premises infrastructure in the case of hybrid [cloud storage]. It’s also important that you have an accurate inventory and understanding of any secondary systems that functional groups use in their processes. 

Many times in testing, we have run into situations where you think all the right apps are being protected – only to find out a SaaS tool has been integrated into a process but not well documented. That is why it is so important to test your plans and recovery and make the business a large part of that effort to ensure something small doesn’t become an issue.”

5. Jason Konzak, SVP, Professional Services, Flexential

“Ransomware thieves are swarming the internet – and their success reflects the industry’s continued inability to implement appropriate preventative and recovery measures. Without proper backups and incident response plans, businesses are unable to recover data effectively and efficiently, putting long-term business success on the line. In 2023, I urge leaders to prioritize robust data protection for their IT organizations.

Since IT admin work can quickly fall to the bottom of to-do lists, I suggest directly assigning responsibility to employees for maintaining and testing the backup strategy. On a daily basis, an assigned employee should manually review backup and DR job successes and failures.

Failed jobs must be tracked as incidents and corrected so they do not become persistent gaps in protected data. Similarly, designated team members should test backups and DR solutions and document the results of success and failure and the expected recovery time and recovery points (RTO and RPO).

The results of these tests must be shared with organizational leadership so everyone can be on the same page about the ability of IT to protect critical data and keep business operations running.”

6. Neil Jones, Director of Cybersecurity Evangelism, Egnyte

“World Backup Day reminds us why data protection should be prioritized by all organizations on an everyday basis. Data backups have become mission-critical as organizations struggle to manage the vast amounts of data they generate in today’s hybrid work environment while navigating rising cyberattack volume and rapidly evolving data privacy regulations.

The most significant evolution I’ve seen over the past several years is that most companies can no longer view data backup strategy monolithically. Rather, they need to balance a mature Business Continuity and Disaster Recovery (BCDR) program with lighter, more nimble backup approaches such as snapshot recovery. Here’s why: In the event of a significant, just-in-time cyber incident like a ransomware attack, users cannot remain productive without immediate access to their data, and even minutes or hours of data interruption can have a major impact on productivity.

On World Backup Day, and every day, organizations should implement effective data protection strategies like reducing data sprawl, restricting users’ access to information on a ‘business need to know’ basis, and incorporating data backup into their incident response plan. It’s also important to encourage your employees to take proactive steps to back up their data, as data protection needs to be a way of life rather than waiting for potential crises to serve as teachable moments.”

7. Jerod Johnson, Senior Technology Evangelist, CData Software

“Data loss and theft can have serious consequences for businesses, including financial losses, reputational damage, and legal liabilities. Thankfully, there are several relatively easy steps organizations can take to defend against data loss and theft.

Organizations can conduct a risk assessment to identify their critical data, where it is located, and potential vulnerabilities. They can also implement technical and organizational measures such as encryption, access controls, permissioning, and anti-virus software. 

All these measures are in vain, however, if employees are careless with their data. That’s why it’s vital for everyone across the organization to participate in regular, formalized security training to understand and uphold best practices when handling data.

In case of a security breach, enterprises need a data backup plan in place and regularly test backup and recovery procedures. Monitoring and alert systems can help detect and respond to unauthorized access or unusual activity. Finally, data teams must stay informed of the latest data security threats and trends and adapt their security measures accordingly to help businesses protect against any major data loss and theft.”

8. Astrid Gobardhan, Group Data Protection Officer, VFS Global

“The rapid rise of remote work and digital communication, expedited by the COVID-19 pandemic, means businesses are now storing and processing data on an increasingly large scale from customer order details right through to financial information. It is essential that organizations employ robust checks and processes and adequately safeguard any data that they hold.

Annual reminders, like World Backup Day, instruct us of our obligations vis-a-vis data management – and what steps we, in the business community, can take to reduce risk.

Businesses, large and small, should ensure they are performing regular data backups, encrypting sensitive data, and employing strong passwords as part of their day-to-day operations.

They should also consider the benefits of training their employees on cybersecurity best practices and educating them on the importance of data security. This should include how to identify potential threats and how to prevent or mitigate data loss.

Organizations that fail to understand the significance of data management are likely to find that they may struggle, reputationally, in a climate where customer interest in information security is piquing and where questions are being asked about trust and how data should be shared, stored, and exchanged.

At VFS Global, maintaining a “gold standard” on data is a fixture of our business model. We monitor the security of our systems constantly and employ the latest software, firewalls, and appropriate backups, as part of our efforts to safeguard the data we process on behalf of our client governments. Ensuring that we have the most robust practices in place, and continue to uphold the confidence that governments have in us as “safe custodians” of their data, is an essential component of our operations.”

9. Joe Noonan, Product Executive, Backup and Disaster Recovery, Kaseya

“World Backup Day is a perfect time for organizations to reflect on their business continuity and disaster recovery plans. 

While we have returned to “pre-pandemic life,” Covid’s after-effects are still being felt. A recent study shows that there are now three times more remote jobs compared to 2020. The workplace moved online during the pandemic, and people have continued with remote work three years later. 

This has had a profound impact on how organizations protect and store their data. In a hybrid workplace, a company’s data is stored in a variety of different places, creating a greater risk of attacks from cybercriminals. Cyberattacks have grown in sophistication since organizations have moved to more remote workplaces and the recovery process can take longer as well with new cyber insurance requirements. 

In addition to remote work, the emergence of ChatGPT also brings about new risks. Threat actors are now using new technology to increase the speed and variation of attacks by altering code and creating different variations of social engineering attacks. Machine learning technologies are growing in complexity, which means more ways for threat actors to use the emerging tech for hostile intent. 

With the world and its technology continuing to change by the minute, it has never been more important for organizations to have an up-to-date backup and disaster recovery plan – and, more specifically, one that can defend their data no matter where it lives. Then taking the time to build and test the plan – or working with a qualified managed service provider to do so – is the key to eliminating data loss and downtime.”

10. Yev Pusin, Backup Stewart & Senior Director of Marketing, Backblaze

“We’ve enthusiastically celebrated World Backup Day from its beginning because of how important raising awareness about data backup is. When we first started Backblaze, we found that people perceived backups as a cumbersome, hardware-dependent process. We were competing against apathy and a belief (from both consumers and companies) that there couldn’t be a better system.

Basically, there wasn’t anyone in the market that thought data backups on a consumer level were worth innovating. Most consumers thought data loss was an inherent risk with computer ownership.

World Backup Day is a natural bridge to raising awareness around the accessibility, ease and importance of data backups. Our research with the Harris Poll shows 67% of computer owners in the United States have accidentally deleted something, 54% have suffered data loss, and yet only 10% are backing up daily.

It’s easy to use fear, uncertainty, and doubt when explaining the need for data backup. But some of the gaps are caused by confusion about both how exactly they are backing up and what is getting backed up.

That’s why World Backup Day is so important in raising awareness. To us, those data points represent an opportunity: If you can make your data accessible on the go, easily shareable, and safer, then your digital life just got a lot better.”

11. Ed Chyzowski, Principal Product Manager, Security, Syntax

“An important part of any organization defending themselves from cyber criminals is staying up to date on the latest vulnerabilities and knowledge to apply safeguards to those vulnerabilities. Many companies’ IT departments are stretched thin and may not have the staffing bandwidth or cybersecurity experience to correctly apply and monitor those safeguards in their systems.

It is critical that any organization realizes there are always potential bad actors, either externally or internally, which may compromise the organization’s ability to safeguard its operations and retain its customer’s trust as a responsible partner or vendor.

Recent advancements in machine learning and AI have enhanced the threat protection landscape, which allows enterprise-level protection used by our SOC to protect our ERP customers with the best-in-breed solutions. Having these tools and experience in place can prevent fraudulent activity from ever entering our customer’s systems. 

Unfortunately, we do know some bad actors will get some wins, so being able to recover sensitive data and remain operational in the event of a breach is a key element in cybersecurity and our customer’s remediation plans. Cybersecurity is a partnership between our customers and Syntax – where we can provide the expertise and experience to safeguard many of these attacks in conjunction with our customer’s requirements. 

End users, in most cases, are the best security once trained properly, and in conjunction with the vulnerability remediation and Extended Detection and Response systems we have in place, companies will feel secure in today’s digital era.”

12. Emily Schwenke, Director of Archive Product Marketing, Mimecast

“A robust Governance, Risk and Compliance (GRC) plan and continuous employee awareness training are the most effective ways to prevent data loss and theft. Today’s reliance on technology affords businesses little tolerance for data management missteps, especially when the cost of non-compliance can equate to the financial losses of a breach.

A GRC plan enables quick and easy in-house e-discovery and litigation support, protects and retains essential business data following data sovereignty regulations, and leverages a cloud-based archive to recover deleted, corrupted or stolen files quickly.

But even with best practices in place, no cybersecurity solution is impenetrable. 80% of organizations believe their company is at risk due to negligent employees, proving continuous and interactive awareness training is just as critical as a cybersecurity solution.”

13. Terry Ray, SVP, Data Security GTM & Field CTO, Imperva

“58% of sensitive data breaches are caused by insider threats. Traditional perimeter security, native data repository access controls, and data encryption solutions are powerless against data breaches involving data handling mistakes, malicious insiders, and attack exploits that leverage compromised account credentials.

The financial costs of a data breach of this kind are a wake-up call on their own, but it also takes 85 days on average for resolution. This downtime can negatively impact brand reputation and substantially harm financial by-products.

Not only has there been a greater number and higher frequency of breaches over the last decade, but an increasing amount of stolen data is being exposed and sold on the dark web. This stolen dark web data is being sold to black hat hackers and then used in extortion attempts and as fuel to create “phishing” and other social engineering campaigns, leading to more data breaches.

Organizations must prioritize best practices for protecting against these incidents, like continuously backing up data, reviewing access privileges regularly, never reusing passwords, requiring multi-factor authentication, and assuming every email, voicemail, or text message could be phishing.”

14. Mike Kiser, Director of Strategy & Standards, SailPoint

“At least half of all cyberattacks are identity-based; therefore, protecting against data loss and theft must encompass all the identities within an organization, including third-party and temporary employees.

Securing a dynamic workforce can be done most effectively through continuous access, permission monitoring, and automated onboarding/offboarding through AI and ML.

Since the implications of lax security are broad and costly, ranging from financial losses and reputational damage to mitigation costs and regulatory fines, operating under the mantra “giving people only the right amount of access at the right time” is business critical. It only takes one set of compromised credentials to give hackers the key to the (data) kingdom.”

15. Davit Asatryan, Security Evangelist, Spin.AI

“With SaaS data becoming one of the most critical resources that must always be accessible to employees, customers, and partners, the need for automated data protection cannot be overemphasized.

Unavailable SaaS data or data loss due to data corruption or ransomware can result in severe consequences for businesses, including SaaS downtime, business disruption and, more importantly, non-compliance with regulations such as HIPAA, PCI-DSS, GDPR, and more.

By automating backup processes, businesses can minimize downtime and prevent data leaks and loss, ultimately safeguarding their operations and reputation. Businesses must recognize the value of automation in data backup and take action to ensure the security and accessibility of their data.”

16. Anthony Cusimano, Technical Director, Object First

“We celebrate backup because it’s the last bastion of defense against ransomware. With best practices in place, an acceptance that attacks will happen, and daily vigilance, backups are much more than an insurance policy.

First, ensure you are running backups, verify that your backup strategy is behaving as expected, and cover all the data you need to restore in a crisis. Second, test your recovery scenarios. Your backups are only as good as knowing what they are and where they belong. Third, ensure that your backups are backed up and practice the 3-2-1 policy – have three copies of your data stored in at least two locations, with at least one immutable copy. Lastly, ensure your backups are immutable.

Encryption is good, but it can be decrypted if the admin accounts that control it are compromised. Immutability is the only way to truly ransomware-proof your backups.”

17. Carl D’Halluin, Chief Technology Officer, Datadobi

“Failing to back up your data can have catastrophic consequences, as a single hardware failure, cyber-attack, or natural disaster can wipe out all your valuable information, leaving you with no way to recover it. This means that years of hard work can all be lost instantly, with no chance of retrieval. Even the cost of losing just a portion of your important data can be immeasurable, with potential financial, legal, and reputational implications lasting for years.

Identifying the vital data that requires protection should be the first step in the process. But even if you know and can ‘describe’ what data must be protected, finding it has always been another matter – and you cannot back up what you cannot find. To effectively address this enormous and complicated undertaking, users should look for a data management solution that is agnostic to specific vendors and can manage various unstructured data types, such as file and object data, regardless of whether they are stored on-premises, remotely, or in the cloud.

The solution should be capable of evaluating and interpreting various data characteristics such as data size, format, creation date, type, level of complexity, access frequency, and other specific factors relevant to your organization. Subsequently, the solution should allow the user to organize the data into a structure most suitable for the organization’s particular needs and empower the user to take action based on the analyzed data.

In this case, back up the necessary data to the appropriate environment(s). And if necessary, the solution should enable the user to identify data that should be organized into a ‘golden copy’ and move that to a confidential, often air-gapped environment.

To sum it up… Don’t let the nightmare of data loss become your reality – always back up your data.”

18. Brendan Hannigan, Co-founder & CEO, Sonrai Security

“Most corporate data is now in the cloud, which offers strong mechanisms for protecting that data. The cornerstone of that protection is identity, access, and permissions. Focus on reducing blast radius to critical data with a relentless focus on identity, access and permissions that minimizes access or movement to your data.” 

19. Rob Price, Director, Field Security Office, Snow Software

“Banking collapse, volatile economies, pandemics, and cybercrime don’t change the fundamentals – data is the lifeblood of every organization and must be protected. Companies must adhere to the law, govern data accordingly and have a recovery plan.

Backups represent the last line of defense for everything from fat fingers to state-sponsored attacks. The key, as ever, is to treat information assets according to their importance to your business and manage risk accordingly.”


20. Tony Liau, VP, Object First

“As we celebrate World Backup Day, it’s critical to acknowledge the pivotal role of backup and recovery in shielding organizations from the disastrous impacts of data loss. However, with the increasing frequency and sophistication of ransomware attacks, simply backing up data is no longer adequate. Organizations must ensure that their backups are immutable to prevent malicious encryption, which can cripple operations and result in significant financial losses.

As we navigate the ever-evolving threat landscape, it’s crucial for organizations to proactively safeguard their data and ransomware-proof their environment by implementing proper data protection strategies that include immutable storage. Let’s take action today to safeguard our valuable data, maintain business continuity, and protect against ransomware attacks.”


21. Kevin Cole, Director of Technical Marketing & Training, Zerto

“World Backup Day is a timely reminder to proactively protect your data and applications from disasters, ransomware, and other disruptions. It’s easier than ever to implement scalable software solutions to ensure you have multiple copies of your data stored in multiple locations and formats.

Securing your data is just the start: once you have a data protection strategy in place, it’s critical to consider recovery of that data should any disruption, outage, or cyber-attack occur. Especially with ransomware, speed of recovery is the key: how quickly can you resume operations without losing data or paying the ransom? Rapid recovery with no downtime and no data loss helps businesses achieve true resilience and bounce back no matter what comes along.”


Anuj Mudaliar

Assistant Editor - Tech, SWZD

Prajakta Patil

Sr. Assistant Editor, Spiceworks Ziff Davis
