World Backup Day 2022: What experts think

March 31 is International Data Backup Day, World Backup Day. About its role are all IT managers in the clear - actually. But backup is still a broad field and a real backup is not simply done at the push of a button. Complex infrastructures require a backup strategy that must also keep in mind that backups are an important target for attackers. This view is shared by experts from IT security service providers Barracuda Networks, Bitdefender, ForeNova, FTAPI and NCC.

World Backup Day: a good time to think about what an effective data backup strategy needs to do.

"Events like World Backup Day are good times to think about what an effective backup strategy needs to do. A lot has changed in the last few years! More and more data is hosted in the cloud, ransomware is one of the biggest threats to data today. Does on-premise backup provide everything businesses need: Reliability and value for money? Is Office 365 data protected in the cloud? Is resiliency considered and air-gap copies of the data backed up? Is a solution in place that meets DSGVO requirements? How often are DR and recovery workflows run through? It's a lot to consider, but that's what's imperative if companies want to ensure they don't have to pay for a cyberattack or complete data loss with a complete business shutdown." Charles Smith, Consulting Solution Engineer, Data Protection, Barracuda Networks, EMEA

The convergence of cybersecurity and data protection is a top priority in times of the Ukraine conflict.

"The current conflict in Ukraine is making the entire IT sector a target for cyberattacks. Immediately before the invasion, HermeticWiper was used to attack the systems of Ukrainian government authorities and organizations with the aim of deleting data. Such attacks are also a threat in this country. They endanger not only information, but also systems and applications. Successful deletion of data and configurations of these systems or applications then becomes an ultimate threat to the functionality of digital processes - especially if IT managers are unable to restore systems, applications and data quickly enough. For this reason, the long preached protection of existing backups - the convergence of cybersecurity and data protection - is now a top priority. An endpoint detection and response (EDR) solution can protect backup servers. Managed detection and response (MDR) services need to reprioritize their security analysis criteria in light of the threats. Anyone reviewing their backup and disaster recovery plans now should also consider the protection of these backups against malware. They should also check in advance how quickly systems can be restarted." Jörg von der Heydt, Regional Director DACH, Bitdefender

Network Detection and Response also protects backups.

"Performing backups is a matter of course - at least in people's minds. Unfortunately, testing backups and seeing whether it is even possible to restore systems and information, and whether the data has integrity, is not yet the case. But it should be. The 3-2-1 rule with offline backups is also increasingly being taken to heart and word is also getting around that backups also fall under the remit of IT security. However, many CISOs and IT admins think primarily of protecting the endpoints, i.e. the backup server and the media. However, this is not enough, because professional hackers prepare the attack on the secured information and systems - the last reinsurance on which many organizations rely - in a targeted manner. A security-relevant event that occurs via the network perimeter and immediately encrypts, blocks or even deletes assets and against which an endpoint detection and response or a firewall does not protect, can only be immediately blocked by a defense at network level. Thanks to Network Detection and Response (NDR), which recognizes suspicious attack patterns, it is often not even necessary to restore digital resources. An NDR pulls further ripcords in an emergency: a predefined software playbook automatically initiates a VMWare snapshot as soon as a suspicious network incident is reported and saves the current system and information status before a potentially successful attack. Above all, NDR provides valuable assistance in analyzing an attack once it has taken place and shows when and how an attack was launched." Paul Smit, Director Customer Services, ForeNova

Don't be afraid of decentralized data backup - you just need trustworthy partners.

"Do the backups of critical business or project data really always have to be on-premise in your own system? Not from our point of view. With on-demand hosted solutions, automatic backups are standard. Many companies have already recognized the need for this, but there are still doubts about the security of decentralized solutions and data backups. The need for this is becoming ever clearer: the number of cyber attacks is increasing and the attacks themselves are becoming ever more sophisticated - 100% security of a company's own systems and information is virtually no longer possible. Decentrally stored backups make it possible to still access company data and systems in the event of a cyberattack or massive system failure. A trustworthy partner is important here, both when it comes to the solution and the data centers used. Data should only be encrypted and transmitted to servers within the EU. Automatic backups of relevant data in virtual data rooms are suitable for safeguarding daily project work." Ari Albertini, Chief Operating Officer, FTAPI Software GmbH

The right backup strategy is important - because after the attack is before the attack.

"Ransomware attacks - the preferred 'earning method' of cyber criminals - show just how important a backup is. When it comes to business-critical data or confidential customer information - the 'crown jewels' - the pressure to act immediately increases for companies and authorities. If this emergency occurs, those affected have three options: they can decrypt the files, pay the ransom or restore the data. However, suitable decryption tools are not always available and often not all information is available again after a ransom payment. In the worst case, further extortion stages follow with no guarantee of getting all the files back. We also recommend that you do not respond to ransom demands. This leaves backups as the 'last line of defense'. To make matters worse, criminals are also deliberately aiming to cause as much damage as possible. IT managers in companies and public authorities should therefore not only adhere to the familiar backup rules (3-2-1), but also require additional authentication before access and create unalterable backups - which they store offline, off-site or off the main network. And because after the attack is before the attack, IT managers need to understand how the hackers proceeded. After all, when reverting to a backup, the infrastructure with the same vulnerability that was exploited in the attack is used. In addition to a logging mechanism, they should also implement services such as Managed Detection and Response to detect any further suspicious activity on their network." Dr. Volker Baier, Principal Consultant Risk Management, NCC Group

This article originally appeared on m-q.ch - https://www.m-q.ch/de/world-backup-day-2022-was-experten-meinen/