Making secure and comprehensive backup a reality

Making secure and comprehensive backup a reality
(Image credit: Shutterstock)

Recent research has found that in the first quarter of this year, UK firms were hit by over 172,000 cyberattacks each on average – the equivalent of nearly 2,000 per day and one intrusion attempt every 45 seconds. Yet another study found that more than one-third of small- and medium-sized businesses don’t have an incident response plan in place for responding to data breaches and cyberattacks, suggesting that many businesses are suffering heavily from the effects of these relentless threats.

With so many to prevent, it’s inevitable that some will slip through even the most sophisticated cybersecurity measures. To ensure that any successful attacks can be resolved quickly and to keep an organization up and running, four technology experts from Commvault share the crucial facts and advice about data backups and disaster recovery.

The impact of a global crisis

John Day, Sales Engineering Leader, acknowledges the drastic impact the pandemic has had on the way we view and use our data.

“Businesses are experiencing the data explosion impact of remote working, and the data sprawl that this has brought to their environments. This coupled with the knee jerk reactions that businesses were forced to undertake to tackle a world hit by the pandemic, has taken its toll. The acceleration of collaboration technology, cloud adoption, and SaaS offerings with elasticity, is top of mind, and due to the uncertain times, meant that organizations were forced to act first and revise later. This approach was necessary for businesses to minimize the impact, and in some cases, was needed for survival, but as you can imagine this has left a wake of fragmented data, and dispersed technologies that need to be protected for compliance as well as business continuity.

“Disaster recovery (DR) of critical applications and the need to rapidly recover from cyber threats, should both be a top focus for organizations. Companies need reliable and resilient applications and services that provide rapid recovery solutions to mitigate these threats. As mentioned above, the impact of the data sprawl effect has multiplied the threat factors, compounding the problem for many organizations. So having a solution that can not only protect your data, but also recover it quickly if needed, is paramount.”

“The COVID-19 pandemic truly provided the opportunity,” emphasizes Kate Mollett, Regional Director for Africa, “whether you wanted it or not – to test your organization’s data protection, business continuity and DR plans. An opportunity to ensure that your systems and security posture is rigid enough to provide the security and governance required to be compliant and manage data loss and cyber risk, but equally agile enough to allow users to connect from wherever, whenever and on any device.

“Physically being connected to the corporate network and having automated backups of endpoints and devices is no longer possible. Most likely elements of your workloads are also in the cloud. Are they being backed up? Have you checked? Is the platform 24/7 available or the data? What is the shared responsibility model between your cloud service provider and you – you are after all the custodian of your organization’s data. You now also have to rely on the end user community and ensure that they have the right endpoint protection, that they are connecting via secure networks and most importantly that they are cyber security vigilant and alert to hacking, ransomware and phishing attacks.”

Today’s biggest threat to data? Ransomware

“Last year alone, nearly 60% of enterprises were hit with a ransomware attack, and 73% of cyber attacks resulted in data being encrypted and held for ransom,” explains Ronnie Kaftal, Senior Sales Engineer. “2020 saw a continued uptick in ransomware attacks with threat actors taking advantage of economic and workplace disruption caused by the COVID-19 outbreak.”

Kate Mollett adds: “The risk of some form of cyber-attack is more likely than ever. It is not a question of ‘if’ but ‘when’ you will be the victim of a cyber-attack or multiple cyber-attacks. Assume the worst and plan for the worst. The difference between surviving or succumbing to an attack is an organization’s ability to react, respond and recover quickly from a cyber-attack, and to do that you need intelligent and robust data protection and data management solutions. The threat surface continues to expand and evolve. The IP behind these cyber-attacks is super sophisticated. And the target, or the threat to data is unfortunately the end user, who remains the unsuspecting weakest link in an organization’s security posture. You need to educate and continuously communicate with your user community about cyber security and what to do when compromised.”

Getting back to basics

“While it’s inherent in our human nature to hope for the best, in a business context, the smartest approach is to plan for the worst,” advises Mark Jow, EMEA VP, Sales Engineering. “Businesses must always operate with the assumption that their data is under constant threat – because it is. So whether the threat is from hardware failure, human error, data breach, ransomware attack, or natural disaster. Having a plan in place which is underpinned with the right technology solutions, skills and processes will ensure that if any crisis occurs, you can get your data back quickly with minimal disruption.

“The recent OVH data center fire has also demonstrated why it’s so crucial to know where the responsibility for backing up and recovering your data lies. The Chief Executive at OVH recommended that customers 'activate [their] disaster recovery plan' – but how many of these customers may have assumed this was the responsibility of OVH? While we can't be certain, what we do know is that with our increasing reliance on information technology, combined with the fact that disasters are inevitable, backing up your data is no longer an option or advisable, it’s an imperative and vital ingredient in ensuring your business stays in business when a crisis hits.”

John Day concludes with some essential guidance for every company: “Businesses should back up their data by starting in reverse. Effective backup really starts with the recovery requirements and aligning to the business needs for continued service. Ensuring you have the right recovery solution that aligns to the criticality of the application and data, whilst balancing the cost to the business, as well as the simplicity of operations. For example, with Office 365, protecting email and information held in collaboration tools, using a SaaS solution enables customers rapid deployment of protection capabilities, without the overhead of building and maintaining traditional, self-created data protection services.”

Commvault is a recognized global enterprise software leader in the management of data across cloud and on-premises environments, and between them these experts have decades of experience in the data management space.