March 31st is World Backup Day – a reminder for businesses and individuals to take good care of the data they rely on and care about. It’s also a fantastic opportunity to reflect on the prevalence of data loss and the severity of its consequences, and a prime time to address any vulnerabilities in your backup and recovery approach.
To mark World Backup Day 2023, we’ve compiled a selection of eye-opening data backup statistics and four backup facts that may surprise you.
2023’S MUST-READ BACKUP STATISTICS
DATA BACKUP ACTIVITY
- 25% of IT leaders perform backups every month
- 33% of IT leaders perform backups every week
- 72% of all IT users recovered from a data backup last year
- 21% of people have never made a backup
DATA BACKUP GAPS
- 96% of businesses don’t backup workstations locally
- 60% of data backups are incomplete somehow
- Up to 50% of data backups fail or are at risk of doing so
- 30% of computers are already infected with malware
DATA BACKUP BIGGEST RISKS
- 40% – 60% of small businesses won’t reopen following data loss
- On average, 44% of data is unrecoverable after a ransomware attack
- There’s been an 85% increase in dark web data dumps
- 29% of data loss cases are caused by accident
FOUR BACKUP FACTS TO REFLECT ON THIS WORLD BACKUP DAY
1. YOU’RE PROBABLY RESPONSIBLE FOR SECURING YOUR DATA
Most data backup and disaster recovery solutions, including popular options from Microsoft 365 and Amazon’s AWS, follow a shared responsibility model.
In short, this means that the backup provider is responsible for the security ofthe cloud and you are responsible for security in the cloud. Think about it as infrastructure level (physical, app-level) and data protection level (user error, tampering or malware infection).
Therefore, the shared responsibility model means that cloud backup customers are accountable for any action or function that classifies as an “access and control measure.” Examples include:
- Accidental deletion (the recycle bin only stores for so long!)
- Malicious insider attacks, like tampering or dark web publishing
- Surrounding security stack to prevent backup access via lateral movement
- Ineffective Identity and Access Manage
- Replicated backups to a storage repository in a redundant location
No cloud backup provider is intentionally careless, but ultimately, customers are responsible for securing data with policies, processes and security posture best practices. Using a third-party Backup as a Service (BaaS) will help mitigate any oversight or malicious act at the data protection level, by ensuring redundancy and streamlined file recovery.
2. IMMUTABLE BACKUPS ARE NOT ALWAYS SAFE BACKUPS
Advanced Persistent Threats – a type of stealth attack where a threat actor gains access to networks and remains undetected for some time – are surging.
ATPs are no longer the domain of state-sponsored or major infrastructure attacks and are sadly becoming a common attack vector against regular businesses. Especially smaller outfits, whose available resources and skills can make defending against newer threats more difficult.
And this is potentially bad news for data backups – if IT infrastructure is compromised by an ATP, there’s a good chance that your data backups will be infected with malware. That means the next time you come to use (or need to recover) backed up data, you may unwittingly launch a malware attack against your own organisation.
As a result, it’s vital that your chosen backup product can validate data integrity. Immutable storage backup is one option – but it can stretch the budget for SMEs. For information about alternatives, speak to Node4.
3. ADMINISTRATORS ARE THE NEW HOT SOCIAL ENGINEERING TARGET
Well, administrators who are responsible for data backups, at least. Don’t let job seniority cloud your judgement – a threat actor cares far more about access to, influence over and control of data than leadership structures.
And with backup developing as an insidious attack vector for bad actors (see point two), backup administrators are the new hot target for social engineering attacks. For example, if cybercriminals can hijack a privileged permissions account via psychological manipulation or technology trickery, they can readily encrypt data and delete backups in preparation for a devastating ransomware attack.
Worried you’re at risk? Review your Identity and Access Management strategy, fine-tune backup administrator permissions and schedule social engineering training as priorities.
4. AIR GAPPING DATA BACKUPS IS AN INSURANCE UNDERWRITING ESSENTIAL
Air gapping has moved on from the days of tape backups, physically isolated and locked away in storage. Today, IT leaders can achieve equivalent protection by backing up to alternative types of storage repositories in redundant cloud or on-premises locations, with separate credentials used to manage these backups.
Air gapping significantly increases your backup resiliency and availability and arms you with excellent data protection credentials. It’s so effective that many cyber insurance companies will only underwrite policies if modern air gapping is in place. For advice about building the correct type of resilient backup environment for your data, contact Node4.
Although backing up is primarily talked about in business terms, there’s a real human cost behind data loss. Be it the strife and stress of recovering operations after a major breach or the heartbreak of precious personal memories lost for good – there are a million reasons to back up better.
HOW CAN WE HELP YOU?
For more about how Node4 can help simplify and strengthen your data backup and recovery, click below.