By: Oliver Cronk, Chief Architect, EMEA at Tanium
“World Backup Day is an initiative that should be taken seriously because I see many cases where backups are not being carried out effectively, if at all. From my experience, around 80% of organisations either haven’t backed up their data or don’t do it regularly enough. This is alarming because if these companies experience a data breach, the impact could be hugely damaging. Backups are often the last line of defence against cyber-attacks, if you can’t recover systems then backups offer a crucial lifeline.
The main reason I see for backup programs being neglected is cost. Financial and staff resources are required in order for regular, comprehensive backups to be completed and sometimes IT leaders will choose to focus these resources on other areas. The crucial tasks that need this investment include identifying where the most critical data is stored and making sure it is always included in backups. It’s also important that backed up data is regularly tested to check that it can be fully accessed without any problems. I rarely see this testing being carried out, so it’s definitely an area for improvement.
Another reason that backing up can be overlooked is a misconception that it’s purely a data centre issue, but it must also be treated as a part of a well-rounded security strategy. Every organisation should have an initiative to improve and maintain cyber hygiene, in my view backing up should be part of this. The vast majority of data breaches that I see start with an avoidable incident that an improved level of cyber hygiene could help prevent. Even if a network does still become compromised, a good level of cyber hygiene can help minimise the impact. For example, if a ransomware attack encrypts an organisation’s data, it is in a much stronger position if data has been backed up.
My advice is to use World Backup Day as an opportunity to ask important questions such as; in the event of a breach, is all of your critical data backed up and have you checked if it can be easily accessed? Are we including backing up as part of our cyber hygiene efforts and security strategy? If IT teams understand the importance of these areas and take ownership of them then they may prevent the organisation’s reputation from being severely damaged and a large sum of money being lost”.