
Why Data Recovery Must Always Start With Backup


 

Dan Middleton, VP UK&I, Veeam

https://www.veeam.com/

 

Data protection has been in the spotlight for a number of years now since GDPR was introduced in the wake of a number of high-profile breaches. Much attention has been given to the financial and reputational ramifications of data loss, but an equally important issue is that of data recovery and the wider business continuity implications of not being able to recover data quickly. Faced with an ever-evolving threat landscape, these considerations are more important than ever.

 

Not ‘if’, but ‘when’

Cyberattacks are on the rise, with this uptick largely attributable to increasingly active ransomware actors. 85% of global organisations reported that they had experienced at least one ransomware incident in 2022. The skyrocketing volume and severity of cyberattacks mean that it’s no longer a matter of ‘if’ or ‘when’ an organisation will be attacked, but ‘how often’. This is the harsh reality for the modern enterprise and, with ransomware at an all-time high, a comprehensive data recovery strategy has never been more critical.

Data recovery, an essential aspect of business continuity planning, should always start with a reliable backup system, but this is only half the battle. The idea that an organisation can simply ‘restore from backup’ is a dangerous oversimplification of the process and can lead to false assumptions about the integrity, and hence the capabilities, of the backup system. Restoring from any backup that has not been verified as error-free means restoring its risks and vulnerabilities as well. This can ultimately result in further downtime and data loss, which can cost the business dearly, especially in the case of a ransomware attack. Having a tried and tested strategy for getting the business back on its feet following a disruptive incident is essential.

Unfortunately, many organisations are not prepared for this eventuality. According to our Data Protection Trends Report 2023, 39% of UK&I organisations still rely on manual steps to restore data following an attack. This can be an arduous process and often leads to systems being inactive for longer than is necessary, which is particularly problematic for organisations with large-scale operations, where even a short period of downtime or a small volume of lost data could have significant implications for the bottom line. For example, if you’re a large retail business that relies heavily on digital services – from point-of-sale systems and scan-as-you-shop devices across your hundreds of stores, to e-commerce and inventory management systems that power your online offering and home delivery – a few hours of downtime could lead to millions of pounds in missed sales.

Fortunately, modern data protection solutions now exist that can orchestrate data recovery and provide organisations with lightning-fast recovery. These solutions scale according to the backup needs of the business, and they are underpinned by techniques and principles that optimise the resilience, reliability and robustness of the data recovery process. So, how can this be achieved?

 

Fail to plan or prepare to fail

Preparation is key. Developing a robust backup plan is the first step, and should include a rigorous business impact assessment to identify areas of vulnerability, and to establish the Recovery Point Objectives and Recovery Time Objectives that underpin disaster recovery planning. A good practice is to assume that the worst will happen and then plan accordingly. Considering that only 55% of UK&I respondents said their data is typically recoverable after a ransomware attack, and that other causes of downtime haven’t gone away, you’d be a fool not to. Any backup plans should also clearly define the roles and responsibilities of employees so that each individual is accountable and furnished with clearly defined actions. Most will not be involved in active data or business recovery roles, but knowing how to spot a phishing scam, keep a laptop secure or identify suspicious behaviours all bolster resilience and reduce risk. Further training to role-play data recovery scenarios can also ensure that the organisation is able to recover faster, restore data more quickly, and ensure business continuity.

 

Immutable data backups

Adhering to the 3-2-1-1-0 rule is critical for ensuring the security of an organisation’s data, especially given today’s complex, hybrid infrastructure environments. This rule is a powerful tool that goes beyond standard security measures and takes data protection to a new level. By following the 3-2-1-1-0 rule, organisations are assured that at least three copies of their data are stored on at least two different media, with at least one stored offline and one that is air-gapped or immutable, with zero incomplete backups or errors. This ensures that even in the event of an attack, the backup version of the data will remain untouched and accessible.

Immutable backups prevent malicious actors from encrypting data after it has been written, thus creating an additional layer of protection. This is not a new concept, but the application of immutability for storage is. For example, organisations can make their data stored offsite in the cloud immutable for a certain period of time, such as 30, 60 or 90 days. This adds an extra layer of security and peace of mind, knowing that their data is safe and secure.
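The 3-2-1-1-0 rule and the immutability window described above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not Veeam code: the `BackupCopy` fields, the rule names and the sample inventory are assumptions constructed for illustration, and a copy that has never been restore-tested is treated as failing the zero-errors condition.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:              # hypothetical inventory record
    name: str
    media: str                 # e.g. "disk", "tape", "object-storage"
    offline: bool              # not reachable from the production network
    air_gapped: bool
    immutable_until: Optional[datetime]  # end of immutability window, if any
    verify_errors: Optional[int]         # last restore test; None = never tested

def check_32110(copies, now):
    """Evaluate each part of the 3-2-1-1-0 rule as worded in the article."""
    # An immutability window that has already lapsed gives no protection.
    protected = [c for c in copies if c.air_gapped or
                 (c.immutable_until is not None and c.immutable_until > now)]
    return {
        "3_copies": len(copies) >= 3,
        "2_media": len({c.media for c in copies}) >= 2,
        "1_offline": any(c.offline for c in copies),
        "1_airgapped_or_immutable": bool(protected),
        # Unverified copies (None) count as failures, not as clean.
        "0_errors": all(c.verify_errors == 0 for c in copies),
    }

def failed_rules(copies, now):
    return [rule for rule, ok in check_32110(copies, now).items() if not ok]

# Constructed sample inventory: three copies on two media, but nothing is
# offline, the cloud lock expired yesterday and one copy was never tested.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
SAMPLE = [
    BackupCopy("primary-repo", "disk", False, False, None, 0),
    BackupCopy("secondary-nas", "disk", False, False, None, None),
    BackupCopy("cloud-bucket", "object-storage", False, False,
               NOW - timedelta(days=1), 0),
]
# Same inventory after remediation: 30-day lock renewed, tape copy added,
# every copy restore-tested with zero errors.
REMEDIATED = [
    SAMPLE[0],
    replace(SAMPLE[1], verify_errors=0),
    replace(SAMPLE[2], immutable_until=NOW + timedelta(days=30)),
    BackupCopy("tape-vault", "tape", True, True, None, 0),
]

if __name__ == "__main__":
    print("before:", failed_rules(SAMPLE, NOW))
    print("after: ", failed_rules(REMEDIATED, NOW))
```

Run on a schedule against the real inventory, a check like this flags an immutability lock that is about to lapse or a copy that has dropped out of restore testing before an incident exposes it.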

 

Test, test and test again

After creating a recovery plan, the most important thing is to test it. Organisations must know if their plan works. There is a tendency to not fully test disaster recovery plans, or not test them at all. At best, most firms partially test their recovery plans once or twice a year. Continuous testing is important, especially since applications are constantly changing. To optimise cyber resilience, automated backup verification lends itself to daily testing. This ensures that backups are functioning properly, and also allows organisations to monitor for any signs that hackers have gained access or tampered with the systems. If backups are not dynamically tested, an organisation may not be able to recover as intended.

 

An automated approach 

The implementation of automated backup systems can greatly simplify the process of data recovery. As introduced above, by utilising software to automate the entire process, organisations can effectively back up files, folders and systems without the need for human involvement. Another viable option is to incorporate automated backup and replication, as well as self-service workflows, which enable individual employees to swiftly restore individual files in the event of an attack. This approach can greatly mitigate the risk of missed business opportunities, as it allows for rapid data recovery in a matter of minutes. By placing data restoration capabilities in the hands of employees, organisations can drastically reduce IT helpdesk request volumes, providing much-needed relief to the IT department. However, to ensure optimal performance, it is essential to invest in training, preparation and adherence to best practices.

The data recovery process is central to an organisation’s business continuity strategy and should be treated as such. Only with data backup as a core priority will enterprises be able to recover their data quickly when needed. The recovery process starts with having a reliable and well-tested backup system in place. This includes following the 3-2-1-1-0 rule, regularly verifying and testing backups, and implementing automated systems to simplify the backup process. Following these principles will ensure that organisations are well prepared to handle any unexpected disruptions and get systems – and more importantly the business functions reliant upon them – back up and running as soon as possible. 

 
