Keeping up with evolving cyber threats isn’t easy, even in the largest and most well-funded organizations. PwC’s 2024 survey on global digital trust found that only 2% of companies are optimizing and continuously improving across nine cyber resilience best practices. What’s more, only 3% of companies continually update risk management plans. The “keeping up” part of security sounds more like running in place (barely).
The threat landscape will only continue to become more sophisticated. In fact, last year, we observed more instances of “cyber-espionage” in which hacktivists take down critical infrastructure systems or expose data publicly, and “intermittent encryption,” where hackers only encrypt alternate bundles of data in order to escape detection.
As the value of enterprise data continues to soar and the creativity and sophistication of hackers reach new heights, it’s absolutely critical to have a solid backup approach—both in infrastructure and culture. But how do you achieve it? Here are a few best practices to consider when implementing a strong data protection strategy:
1. Focus on Proactive Threat and Vulnerability Management
With any security event, there’s a before, a during, and an after. Before an attack, adversaries are doing their homework. They’re learning about your organization to understand the size and scope of their opportunity, often trying to discover cybersecurity insurance limits, critical operations your organization is running, and where and to whom services are provided. Armed with that information, the attacker can plot a course to try to force a ransom payment. That’s why it’s critical that organizations do their homework, too.
Stay up to date on current cyber events disrupting different geographies, industries, and groups, as well as the types of attacks most likely to impact your business. Armed with that, prepare your internal or external cyber threat management teams, and educate your employees about what to look out for.
As part of a proactive stance, I recommend implementing:
- Multi-factor authentication and admin credential vaulting
- A fast analytics platform for log data to help run fast searches and correlation events to identify signs of potential threat actors in your environment before they strike
- Consistent logging across environments to bolster defenses
- Good systems hygiene using a well-defined, active patch management program
2. Implement a Multi-Tier Data Protection Architecture
When it comes to cybersecurity, attack prevention is only half the battle. Data protection strategies can’t just cover the before of an event, they must meet expectations after an event as well.
Implementing a multi-tier data protection and resiliency architecture is an excellent way to build resilience and durability into a recovery strategy. Tiered backup architectures use different logical and geographic locations to meet diverse backup and recovery needs. They also help to ensure that the appropriate recovery time objectives are met by offering a host of features that help the business get back up and running as quickly as possible after an attack takes place. Adopt a tiered backup architecture using different logical and geographic locations to meet diverse backup and recovery needs.
As part of this, I also recommend a secure isolated recovery environment (SIRE), a special environment for storing and protecting clean backups of data. Unlike typical backups, SIREs are intentionally stored away from the main network so that data can’t get infected or deleted in the event of a cyber incident or other disaster. A SIRE isn’t just another backup—it’s your fail-safe when the worst happens, giving you a guaranteed point recovery to restore critical operations quickly, cleanly, and with confidence.
3. Treat Data as a First-Class Citizen with Enhanced Data Visibility and Resilience
Prioritize better visibility into data and implementing fail-proof backup and recovery systems. To protect valuable datasets and processes, organizations need visibility into data and fail-proof systems that keep business going even if attackers do get a foot in the door. Above, I mentioned how a fast analytics platform for log data can run fast searches and correlate events to identify signs of potential threat actors in your environment before they strike. Highly performant data storage like Pure Storage can ingest and analyze anomalies in real-time, empowering your threat hunting teams to spot intruders lurking on your network before the damage is done.
4. Adopt Super-Immutable Backup Solutions
Without immutability, backup data becomes just as vulnerable to infection as your primary dataset. Ransomware attacks have evolved to specifically target backup systems, rendering conventional protection strategies ineffective. These modern ransomware strains deliberately neutralize backups before launching their main attack, ensuring victims have no recovery options except paying the ransom.
Immutable backups serve as a formidable barrier against ransomware attacks, accidental deletions, and even malicious insider threats with elevated privileges. Simply restore from these untampered copies without paying ransoms, minimizing downtime and financial loss.
Unlike other solutions, SafeMode™ Snapshots are truly immutable and cannot be eradicated (deleted), modified, or encrypted by ransomware or malicious actors. They’re protected with multifactor authentication and require a stringent multi-step verification process involving Pure Storage’s support team to make any changes. SafeMode automatically generates immutable snapshots at customizable intervals, ensuring you always have up-to-date, unaltered versions of your data. Robust configurable policies for snapshot frequency, retention, and replication to various destinations prevent attackers from compromising your entire backup strategy, and SafeMode can complete restores 10 to 20 times faster than competing solutions.
This combination of ironclad protection and rapid recovery capability makes immutable backups an essential component of any modern cyber resilience strategy.
The Key to Organizational Success is Resilience and Agility
This World Backup Day serves as a timely reminder for organizations to re-evaluate their security approach and tooling. But the positive impact of data resilience and protection spans much beyond a simple day. Building resilience and agility across the organization is crucial not only for data but for overall business success. Organizations that safeguard application data effectively will ensure business continuity even in the face of sophisticated threats.