Anthony Spiteri, Regional CTO APJ for Veeam, says Veeam’s latest Data Protection Trends report (DPR), 2024 is the “fourth consecutive year cyber-attacks were listed as the most common and most impactful causes of business outages”.
According to Spiteri ransomware continues to be “more of an inevitability than not” with eight in ten 10 APJ organisations suffering at least one ransomware attack last year - and the repercussions “extend not only to business continuity but ultimately, brand reputation damage and loss of revenue”.
“In fact, Veeam’s DPR report found that cyber threats are one of the biggest inhibitors to achieving DX initiatives in APJ, as resources are diverted away. This illustrates a need for resilient backup strategies, in addition to protective measures,” cautions Spiteri.
|
Spiteri notes that this year, Veeam outlines five best practices for secure backup that will help increase their cyber-resilience:
Keep attackers out – work towards Zero Trust:
- Cyber resilience is about adapting and evolving to stay ahead of threats. Zero trust is a journey where new security practices are implemented and refined over time, to protect against threats that may exist both inside and outside the network. Zero trust ensures security practices are maintained in a constantly evolving landscape and all endpoints are secured by default.
Data immutability:
- With the rise of ransomware, having an immutable backup has become critical to keep businesses running. This is because threat actors now routinely attack backups. Immutable means that something is unable to be changed or deleted so if backups are targeted, attackers still can’t alter the data, ensuring recoverability.
Use encryption:
- This is where the partnership between the security and backup teams is more and more crucial. Together, they must develop and implement robust strategies to safeguard data throughout its lifecycle, from creation to backup storage. By ensuring a cohesive approach, these teams can enhance data protection measures, effectively mitigating the risk of unauthorised data access and ensuring comprehensive security in the backup process using best of breed technologies.
Plan (and test!) for the Worst:
- Build a proven, documented plan by keeping your documentation up to date, testing your backup plan regularly and proving your RPO/RTO.
Don’t Reintroduce the Threat:
- Restore with confidence by having a plan for infections, and avoiding reinfections from backup data that may have undetected latent malware that has not yet been activated.